Log4J Bug (Log4Shell) - Any information from GGG if the game is affected?
Dear GGG,

this weekend started really badly with the disclosure of the 0-day exploit in Log4j (version 2) - CVE-2021-44228. Almost every part of "the internet" and many devices (mainly IoT) are affected. Even Steam was affected, some say iPhones as well, etc... And there have been public demonstrations of how to infiltrate a computer playing Minecraft simply by sending those specifically crafted packets into the public chat.

Now I am wondering if PoE is also affected on one side or the other? Especially the possibility of sending crafted chat messages to the public, as they did in Minecraft, makes me feel a bit uncomfortable....

Could you give a short (official) statement about this?

Last edited by as_69#6169 on Dec 12, 2021, 4:55:45 AM
Last bumped on Dec 12, 2021, 2:07:16 PM
Well, if GGG are running NGFW with IPS (which I am sure they are), then most of these are already updated about this and will block traffic with that exploit signature. So the servers are properly already protected against this.

But if I understand you correctly, you are worried that when you are running the PoE client you can be directly attacked from the internet? I hope you are using a firewall on your PC / ISP router or modem, because that should only allow outgoing traffic (and its stateful reply) = you can't be attacked from the outside....

Last edited by HanSoloDK#4843 on Dec 12, 2021, 7:54:02 AM
Hi HanSoloDK,

the problem with this threat is that an attacker does not need to have any privileges on any system and does not need any rights for inbound connections. They just need to trigger a log message in "Apache log4j" with an "evil" action (which is then parsed by log4j). For example, you send a simple HTTP POST request to a website and as payload you define a string which does whatever you want. Let's say the web server typically would respond with a "not allowed" or something like that; the log4j library sees the full log message of your request and triggers any action which you sent in the payload.

Please don't ask me why a log parser is allowed to automatically start actions based on the log content... it seems someone was requesting such a feature a couple of years ago and a developer quickly implemented such a function.... This is totally ridiculous, as we now know what can happen with such "features".... but most IT staff (worldwide) had a really bad weekend now - and we don't even know what will happen on Monday... ;)

Currently seen PoCs seem to show that it is mainly used to download (meaning, this is a connection initiated outbound to the internet, so typically not filtered...) crypto miners which then run on the system.

In Minecraft the exploit was used by sending crafted messages to the public chat, basically affecting all users who were currently online and receiving this chat (log) message. So this was triggered remotely and affected all clients, as they are connected to the "public chat".

Source: https://github.com/HyCraftHD/Log4J-RCE-Proof-Of-Concept

[edit] Here is a video explaining how this attack works: https://www.youtube.com/watch?v=OGIH3ulSk-Q

Last edited by as_69#6169 on Dec 12, 2021, 8:52:13 AM
People have already started to patch the vulnerability....
I would only raise awareness for small indie companies like Blizzard for now.

And why would you need GGG to release any kind of info regarding this? Are you a potential investor, for them to even release these things to you or whoever wants this info?

Also, this exploit is for Java JDKs. Are you even sure they even run something with Java? Because from what I saw from people coding things for GGG, most of them use C. Maybe stretching a bit, but what company even uses Java to code games? Except probably Minecraft, which values portability.

Never invite Vorana, Last To Fall at a beer party.

Last edited by Vendetta#0327 on Dec 12, 2021, 12:24:42 PM
This one made me really laugh :) nice one.

No, I don't hold any shares nor do I plan to invest :D I'm not a native speaker, maybe I was writing too harshly. But I just spent almost the whole weekend at work to get feedback from vendors etc... probably have seen too many posts about what is impacted etc...

No, and I didn't even say that. That's why I asked. If they don't use that Apache log4j library in any form, they should be fine, and it could be an easy one-liner to say "PoE is not affected" for those people who are concerned.