Yeah, this is a big deal. And whilst the big guys will patch it out almost immediately, or stop using the logging program, you just know there will be hundreds of thousands of small companies and individuals affected by this. As the server guy for my company, I was informed about it and checked it out straight away; luckily, the only plugin that we have which might have been affected is uninstalled on our servers. But it's going to catch a lot of people out. Anyone who runs a server needs to see this and check if anything they have installed is using log4j.
Yes, this is bad. Regarding Steam, they already acted to prevent damage:
Comment by JonP_valve:
We immediately reviewed our services that use log4j and verified that our network security rules blocked downloading and executing untrusted code. We do not believe there are any risks to Steam associated with this vulnerability.
Comment by JonP_valve:
The early discussion on Twitter mentioned Steam specifically but they were talking strictly about the server side - not the Steam client. It appears they were using "a DNS lookup occurred" as enough to indicate a potentially-vulnerable system. However we were able to confirm that Steam servers were not at risk of running untrusted external code via this log4j issue.
I saw a mention where someone tested the attack on the Steam search box by using the proof-of-concept ${jndi:ldap} thing with a DNS logger:
If anybody needs extra info, list of security advisories per company (not mine, just spreading info):
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
Article on theguardian.com
"So far iCloud, Steam, and Minecraft have all been confirmed vulnerable."
Well, yeah... There isn't already enough bad news, I guess.