[Info-vax] Issues now found in log4j version 1
Arne Vajhøj
arne at vajhoej.dk
Tue Feb 8 13:59:53 EST 2022
On 2/8/2022 1:28 PM, Simon Clubley wrote:
> On 2022-02-08, Arne Vajhøj <arne at vajhoej.dk> wrote:
>> On 2/8/2022 8:57 AM, Simon Clubley wrote:
>>> On 2022-02-07, Arne Vajhøj <arne at vajhoej.dk> wrote:
>>>> There are plenty of other logging frameworks out there.
>>>>
>>>> Java: jul, logback etc.
>>>> .NET: log4net, NLog etc.
>>>> PHP: log4php, Monolog etc.
>>>> Etc.
>>>
>>> In addition to those, there are also the public facing loggers that
>>> exist within an operating system itself.
>>
>> You mean Windows event log, *nix syslog, VMS various (operator log,
>> audit log etc.)?
>
> Yes. Those do processing of untrusted data and could be nice targets
> for probing, especially those that can be reached via a network port.
>
> If previous security events are anything to go by, there's now going
> to be a good number of people looking at logging in general now that
> researchers have had a high-profile success with log4j.

Likely.

But I suspect they will not do as much crazy stuff as log4j.

Arne