14 Dec
2021
14 Dec
'21
12:43 a.m.
I'm surprised I haven't seen this mentioned yet.
An internet red alert went out Friday on a new zero-day exploit. It is an input validation problem where Java's Log4j module can be instructed via a specially crafted string to fetch and execute code from a remote LDAP server. It has been designated the Log4shell exploit (CVE-2021-44228).
Although I don't use it, I immediately thought of Solr, which provides some dovecot installations with search indexing. Can dovecot be made to pass on arbitrary loggable strings to affected versions of Solr (7.4.0-7.7.3, 8.0.0-8.11.0)?
Those running Solr to implement Dovecot FTS should look at
https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228Joseph Tam jtam.home@gmail.com