{"id":10361,"date":"2021-12-13T16:41:49","date_gmt":"2021-12-13T13:41:49","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10361"},"modified":"2021-12-13T16:41:49","modified_gmt":"2021-12-13T13:41:49","slug":"log4shell-critical-vulnerability-in-apache-log4j","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/log4shell-critical-vulnerability-in-apache-log4j\/10361\/","title":{"rendered":"Apache Log4j k\u00fct\u00fcphanesindeki kritik g\u00fcvenlik a\u00e7\u0131\u011f\u0131"},"content":{"rendered":"

\u00c7e\u015fitli haber kaynklar\u0131, Apache Log4j k\u00fct\u00fcphanesinde CVE-2021-44228<\/a> no.lu (CVSS \u00f6nem d\u00fczeyi 10 \u00fczerinden 10 olan) kritik bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ke\u015ffedildi\u011fini duyurdu. Milyonlarca Java uygulamas\u0131, hata mesajlar\u0131n\u0131 g\u00fcnl\u00fc\u011fe kaydetmek i\u00e7in bu k\u00fct\u00fcphaneyi kullan\u0131yor. Daha da k\u00f6t\u00fcs\u00fc, sald\u0131rganlar halihaz\u0131rda bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan aktif olarak yararlan\u0131yor. Bu nedenle Apache Foundation, t\u00fcm geli\u015ftiricilerin kulland\u0131klar\u0131 k\u00fct\u00fcphaneyi 2.15.0 s\u00fcr\u00fcm\u00fcne g\u00fcncellemelerini, e\u011fer bu m\u00fcmk\u00fcn de\u011filse Apache Log4j G\u00fcvenlik A\u00e7\u0131klar\u0131 sayfas\u0131nda<\/a> belirtilen y\u00f6ntemlerden birini kullanmalar\u0131n\u0131 \u00f6neriyor.<\/p>\n

CVE-2021-44228 neden bu kadar tehlikeli?<\/h2>\n

Log4Shell veya LogJam olarak da adland\u0131r\u0131lan CVE-2021-44228 g\u00fcvenlik a\u00e7\u0131\u011f\u0131, Uzaktan Kod Y\u00fcr\u00fctme (Remote Code Execution \u2013 RCE)<\/a> s\u0131n\u0131f\u0131nda yer alan bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131d\u0131r. Sald\u0131rganlar herhangi bir sunucuda bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan yararland\u0131\u011f\u0131nda, iste\u011fe ba\u011fl\u0131 kod y\u00fcr\u00fctme ve potansiyel olarak sistemin t\u00fcm kontrol\u00fcn\u00fc ele ge\u00e7irme imkan\u0131na sahip olurlar.<\/p>\n

CVE-2021-44228\u2019i \u00f6zellikle tehlikeli yapan \u015fey, bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan yararlanman\u0131n kolay olmas\u0131d\u0131r: Deneyimsiz bir hacker bile bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 kullanarak ba\u015far\u0131l\u0131 bir sald\u0131r\u0131 ger\u00e7ekle\u015ftirebilir. Ara\u015ft\u0131rmac\u0131lara g\u00f6re sald\u0131rganlar\u0131n uygulaman\u0131n g\u00fcnl\u00fc\u011fe tek bir dize (string) yazmaya zorlamas\u0131 yeterli, ard\u0131ndan message lookup substitution<\/em> (mesaj arama de\u011fi\u015fim) fonksiyonu sayesinde kendi kodlar\u0131n\u0131 uygulamaya y\u00fckleyebiliyorlar.<\/p>\n

CVE-2021-44228 g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan yararlanan sald\u0131r\u0131larla ilgili Kavram Kan\u0131tlar\u0131na (Proof of Concept \u2013 PoC)<\/a> internetten ula\u015f\u0131labiliyor. Bu nedenle, siber g\u00fcvenlik \u015firketlerinin g\u00fcvenlik a\u00e7\u0131\u011f\u0131na sahip uygulamalar\u0131 bulmak i\u00e7in ger\u00e7ekle\u015ftirilen b\u00fcy\u00fck \u00e7apl\u0131 a\u011f taramalar\u0131 ve bal k\u00fcplerine (honeypots) y\u00f6nelik sald\u0131r\u0131larla kar\u015f\u0131la\u015fmas\u0131 hi\u00e7 de \u015fa\u015f\u0131rt\u0131c\u0131 de\u011fil.<\/p>\n

G\u00fcvenlik a\u00e7\u0131\u011f\u0131, Alibaba Bulut G\u00fcvenlik Ekibinden Chen Zhaojun taraf\u0131ndan ke\u015ffedildi.<\/p>\n

Apache Log4J nedir ve bu k\u00fct\u00fcphane neden bu kadar pop\u00fcler?<\/h2>\n

Apache Log4j, Apache G\u00fcnl\u00fckleme Projesinin (Logging Project) bir par\u00e7as\u0131d\u0131r. Genel olarak, hatalar\u0131 g\u00fcnl\u00fc\u011fe kaydetmenin en kolay yollar\u0131ndan biri bu k\u00fct\u00fcphanenin kullan\u0131lmas\u0131 oldu\u011fu i\u00e7in \u00e7o\u011fu Java geli\u015ftiricisi bu k\u00fct\u00fcphaneyi kullanmay\u0131 tercih ediyor.<\/p>\n

Amazon, Apple iCloud, Cisco, Cloudflare, ElasticSearch, Red Hat, Steam, Tesla, Twitter ve daha bir\u00e7o\u011fu da dahil olmak \u00fczere \u00e7ok say\u0131da b\u00fcy\u00fck yaz\u0131l\u0131m \u015firketi ve online servis Log4j k\u00fct\u00fcphanesini kullan\u0131yor. K\u00fct\u00fcphanenin bu kadar pop\u00fcler olmas\u0131 nedeniyle baz\u0131 bilgi g\u00fcvenli\u011fi ara\u015ft\u0131rmac\u0131lar\u0131, \u00f6n\u00fcm\u00fczdeki birka\u00e7 g\u00fcn i\u00e7inde savunmas\u0131z sunuculara y\u00f6nelik sald\u0131r\u0131larda \u00f6nemli \u00f6l\u00e7\u00fcde art\u0131\u015f ya\u015fanmas\u0131n\u0131 bekliyor.<\/p>\n

\n

#Log4Shell<\/a> pic.twitter.com\/1bKDwRQBqt<\/a><\/p>\n

\u2014 Florian Roth (@cyb3rops) December 10, 2021<\/a><\/p><\/blockquote>\n