Even though log4net and log4j are related (both are Apache projects), the bug is Java only. And even then, it's only log4j2 that's actually vulnerable. I sincerely doubt that .NET has JNDI support.

Rory Slegtenhorst
rory dot slegtenhorst at gmail dot com

On Mon, Dec 13, 2021 at 8:39 PM Ai Austin <ai.ai.aus...@gmail.com> wrote:

> I have been told by the University it is under serious attack (as are
> lots of other institutions and servers) by the latest Zero-day
> exploiting Apache Log4j logging library... Does anyone know if our
> logging using Log4net is impacted (or linked in some way to the
> libraries) or that we might be vulnerable?
>
> here are the notes sent to those running servers by our tech team today...
>
> >I suspect that you will have heard of the latest zero-day exploit to
> >hit the news - the Apache Log4j logging library, used by a large
> >number of both open source and proprietary software, can be easily
> >exploited to take control of vulnerable systems remotely. We are
> >already seeing a large number of probes against the systems that we
> >manage, testing for their vulnerability to this exploit. We are
> >confident that your system(s) are similarly being probed.
> >
> >The University has put in place some protection against this
> >vulnerability, but it is crude protection and expected to be worked
> >around fairly swiftly. The only real protection is to take
> >vulnerable systems off-line until they are patched.
> >
> >Identifying whether a system is vulnerable to this exploit is non
> >trivial as Log4j is commonly shipped in a JAR file with an
> >application - it is not just as simple as checking (with rpm or
> >dpkg) which version of Log4j is installed on the system.
> >
> >The following web-site includes a list of software which is known to
> >be affected -
> >https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/.
>
> >Guidance from the National Cyber Security Centre is available at :-
> >https://www.ncsc.gov.uk/news/apache-log4j-vulnerability
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev@opensimulator.org
> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
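
The quoted notes point out that Log4j usually ships inside an application's JAR, so rpm or dpkg will not find it. The following is an added example, not part of the original thread: a sketch that walks a directory tree and reports every Java archive, including archives nested inside WAR/EAR/fat JARs, that contains the log4j 2.x `JndiLookup` class. The extension list, nesting limit and function names are assumptions chosen for illustration.

```python
import io
import os
import zipfile

# Class that implements the JNDI lookup in log4j 2.x (log4j-core).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")  # assumed set of archive types


def scan_archive(data, label, depth=0, max_depth=4):
    """Return labels of archives (including nested ones) containing JndiLookup."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable archive, skip it
    with zf:
        for name in zf.namelist():
            if name == JNDI_CLASS:
                hits.append(label)
            elif name.lower().endswith(ARCHIVE_EXT) and depth < max_depth:
                # Recurse into bundled archives; max_depth bounds the nesting.
                hits += scan_archive(zf.read(name), f"{label}!/{name}",
                                     depth + 1, max_depth)
    return hits


def scan_tree(root):
    """Walk a directory tree and scan every Java archive found on disk."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fn)
                try:
                    with open(path, "rb") as fh:
                        hits += scan_archive(fh.read(), path)
                except OSError:
                    continue  # unreadable file, skip it
    return hits


def make_zip(entries):
    """Build an in-memory archive from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

A hit only shows that a log4j 2.x core library is bundled at that location; the bundled version still has to be checked against the vendor guidance linked in the quoted notes.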