Recent content by jasonmicron

Here. https://nvd.nist.gov/vuln/detail/CVE-2021-4104 Disclosed by Red Hat. Here is the original disclosure: https://access.redhat.com/security/cve/CVE-2021-4104

Hmm. Forgot about Sasser. Nice reminder @ForkWNY ! https://en.wikipedia.org/wiki/Sasser_%28computer_worm%29?wprov=sfla1 As I've learned more about this vulnerability I think it is indeed more critical than initially thought. Not because of the method to remediate - we already know that's easy...

IMO it can be pretty bad because, unless you're the app developer, you need to wait for the developer to implement those mitigations. And then apply their patch. Yes, it does seem easy to mitigate ourselves manually but if the app has an update that overwrites your mitigations then it is sort...

Oh we have... yea, dunno how this affects 1.2. But it's been a busy weekend and first workday after the weekend. There are a ton of nooks and crannies to check.

I think the consensus here is that you don't need to worry about it. The ASUS firmware doesn't appear to utilize this java feature. If you swapped out your routers, and if ASUS did utilize log4j, you wouldn't gain anything by swapping hardware other than an angry family because you took down...

I think you're referring to Slammer: https://www.wired.com/2003/07/slammer/ Yea, that was ... bad. I agree w/ ya, I don't think this is anywhere near as bad as people think, but it is still a huge exposure due to the amount of java-based webapps out on the internet. Personally, I'd love it if...

Yep - but admittedly I haven't looked at the code ASUS developed to know whether or not they use log4j. I'm feeling positive that Merlin has, and he says we're good. So that's good enough for me, for now. We don't know for sure though unless we see the source, and I'm assuming the underlying...

You're misunderstanding the issue. You can log whatever you want in your own way. The issue is the underlying software provided from ASUS. This probably isn't the "worst threat in modern computing" but it is certainly in the top 5. The magnitude of this is pretty heavy. A lot of software...

Came here to ask this same question. Ubiquiti routers are definitely affected: https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 We use those at our office, which made me wonder if the ASUS firmware also utilizes the log4j library. Just...