Fractal Softworks Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

Starsector 0.97a is out! (02/02/24); New blog post: Simulator Enhancements (03/13/24)

Author Topic: Log4J attack!  (Read 2110 times)

xenoargh

  • Admiral
  • *****
  • Posts: 5078
  • naively breaking things!
    • View Profile
Log4J attack!
« on: December 12, 2021, 10:35:01 AM »

This is probably Old News for most of the IT pros here, but be aware that Log4J (which is used by Starsector, Minecraft, a wide variety of Linux distros, etc., etc.) has been successfully attacked and allows for a very broad assault on end-users' machines. This security flaw has been patched by the Log4J team in the current version.
Logged
Please check out my SS projects :)
Xeno's Mod Pack

Alex

  • Administrator
  • Admiral
  • *****
  • Posts: 23987
    • View Profile
Re: Log4J attack!
« Reply #1 on: December 12, 2021, 12:39:56 PM »

The fact that Starsector is a single-player game entirely aside (and so isn't subject to the Minecraft "chat message" attack vector type of thing), the version of log4j it's using also fortunately doesn't have this vulnerability, by virtue of being too old.
Logged

xenoargh

  • Admiral
  • *****
  • Posts: 5078
  • naively breaking things!
    • View Profile
Re: Log4J attack!
« Reply #2 on: December 14, 2021, 12:28:11 PM »

Well, sometimes using an old codebase has its advantages, lol.

I mainly wanted to make sure people were informed and did the basics to check their projects out, as this is a pretty nasty Zero Day exploit.
Logged
Please check out my SS projects :)
Xeno's Mod Pack