I also ran the SQL script. I got 32 hits.
Now what do I do with that list?
On Tue, Dec 14, 2021 at 5:38 PM Charles Wilt <charles.wilt@xxxxxxxxx>
wrote:
Brad,
They don't need credentials because the malicious code runs in the same
context as the Java app with a vulnerable version of log4j.
The full vulnerability, older JVM + log4j2, is really bad as the
malicious actor gets to load & run his/her own code from a remote server.
As I understand it, with a newer JVM, it's not quite as bad, given that the
malicious actor has to find and mis-use a local java class; however,
From https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Injection/
References and object construction with factories are still supported,
just remote codebases are prohibited. Michael Stepankin describes in
https://www.veracode.com/blog/research/exploiting-jndi-injections-java
how the Apache XBean *BeanFactory* can be used in a returned Reference to
achieve code execution. This class has to be locally available on the
targeted system, however, it is for example included in Apache Tomcat. If
your application runs in Tomcat, bad luck.
https://github.com/veracode-research/rogue-jndi also has another vector
for WebSphere.
Now I am not a Java guru, nor have I really spent any time working on how
to maliciously work an IBM i...so I can't give you a step by step or a
hard example. But I can say that my repo on our dev box with code for running
Apache Camel & Kafka on the IBM i popped up on our security team's radar.
Luckily, most malicious actors concentrate on Windows/Linux. But I'm
willing to bet some of them are familiar with the IBM i.
Charles
On Tue, Dec 14, 2021 at 1:38 PM Brad Stone <bvstone@xxxxxxxxx> wrote:
Thanks for clipping this from my post:
Not a hypothetical.. real world. Maybe if you found it on your system..
step us through how someone could cause harm without having credentials to
your system.
Thanks..... maybe there will be another TP shortage because of this...
On Tue, Dec 14, 2021 at 12:50 PM Jack Woehr via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:
On Tue, Dec 14, 2021 at 11:40 AM Brad Stone <bvstone@xxxxxxxxx> wrote:
Anyone care to share a real world example of how this would hurt someone on
the IBM i? From what I understand it requires a lot of variables...one
being that the attacker needs to be able to inject commands into the logger.
https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j
--
Jack Woehr, IBM Champion 2021
<https://www.youracclaim.com/badges/528d23d6-087f-4698-8d17-d59688106ac4/public_url>
Absolute Performance, Inc.
12303 Airport Way, Suite 100
Broomfield, CO 80021
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
KCrawford
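
One way to work through a list of hits like the one asked about above, as an added example that is not part of the thread and is not the SQL script mentioned in it: open each archive, read the bundled log4j-core version, and check whether the JndiLookup class is still present, including in jars nested inside WAR/EAR files. The function names and the `FIXED_FROM` threshold are assumptions of this sketch, and the sample archive is constructed.

```python
import io
import re
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED_FROM = (2, 17, 1)  # assumption: confirm against the current Apache Log4j advisory

def inspect_archive(data, name, fixed_from=FIXED_FROM, findings=None):
    """Inspect archive bytes, descending into nested jar/war/ear entries."""
    findings = [] if findings is None else findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings.append({"path": name, "version": None, "status": "unreadable"})
        return findings
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_CLASS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            match = re.search(r"^version=(.+)$", props, re.M)
            version = match.group(1).strip() if match else None
            nums = tuple(int(n) for n in re.findall(r"\d+", version or "")[:3])
            if JNDI_CLASS not in names:
                status = "jndi-lookup-removed"   # class has been stripped from the jar
            elif nums and nums >= fixed_from:
                status = "at-or-above-fixed"
            else:
                status = "needs-action"          # old or unknown version, class present
            findings.append({"path": name, "version": version, "status": status})
        for inner in sorted(names):
            if inner.lower().endswith((".jar", ".war", ".ear")):
                inspect_archive(zf.read(inner), f"{name}!/{inner}", fixed_from, findings)
    return findings

def make_sample_jar(entries):
    """Build a constructed test archive in memory from {entry_name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, content in entries.items():
            zf.writestr(entry, content)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: an old log4j-core bundled inside a web application archive.
    core = make_sample_jar({POM_PROPS: b"version=2.14.1\n", JNDI_CLASS: b"\xca\xfe"})
    war = make_sample_jar({"WEB-INF/lib/log4j-core-2.14.1.jar": core})
    for finding in inspect_archive(war, "/constructed/app.war"):
        print(finding)
```

For a real list, read each path from the hits in binary mode and pass the bytes and the path to `inspect_archive`; anything reported as `needs-action` is a candidate for upgrading or for vendor follow-up.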
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].