Vincent Durand madwork

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

If you want to add a link, comment or send it to me
Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

Royce Williams list sorted by vendors responses Royce List
Very detailed list NCSC-NL
The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List

If you are getting something like the following, on a box without ipv6 connectivity:

/opt/rbenv/versions/1.9.3-p547/lib/ruby/gems/1.9.1/gems/excon-0.44.4/lib/excon/socket.rb:291:in `raise_timeout_error': read timeout reached (Excon::Errors::Timeout)
	from /opt/rbenv/versions/1.9.3-p547/lib/ruby/gems/1.9.1/gems/excon-0.44.4/lib/excon/socket.rb:49:in `rescue in readline'
	[...]
	from /opt/rbenv/versions/1.9.3-p547/lib/ruby/gems/1.9.1/gems/fog-core-1.29.0/lib/fog/core/connection.rb:81:in `request'
	from /opt/rbenv/versions/1.9.3-p547/lib/ruby/gems/1.9.1/gems/fog-1.28.0/lib/fog/rackspace/service.rb:42:in `request'
	from /opt/rbenv/versions/1.9.3-p547/lib/ruby/gems/1.9.1/gems/fog-1.28.0/lib/fog/rackspace/storage.rb:444:in `request'
	from /opt/rbenv/versions/1.9.3-p547/lib/ruby/gems/1.9.1/gems/fog-1.28.0/lib/fog/rackspace/requests/storage/put_object.rb:35:in `put_object'

	package main

	import (
	"context"
	"flag"
	"fmt"
	"log"
	"net/http"
	"os"
	"os/signal"

	############################################################################
	# #
	# ------- Useful Docker Aliases -------- #
	# #
	# # Installation : #
	# copy/paste these lines into your .bashrc or .zshrc file or just #
	# type the following in your current shell to try it out: #
	# wget -O - https://gist.githubusercontent.com/jgrodziski/9ed4a17709baad10dbcd4530b60dfcbb/raw/d84ef1741c59e7ab07fb055a70df1830584c6c18/docker-aliases.sh \| bash
	# #
	# # Usage: #

	user web;

	# One worker process per CPU core.
	worker_processes 8;

	# Also set
	# /etc/security/limits.conf
	# web soft nofile 65535
	# web hard nofile 65535
	# /etc/default/nginx

	# Multiple inheritance with Modules as an alternative to injected composition
	# from Sandi Metz's talk [Nothing is Something](http://confreaks.tv/videos/bathruby2015-nothing-is-something)

	# Like Sandi's 'direct' DI method this has behavior outside of the base class
	# that gets composed together. However in this gist I compose modules in class
	# definitions instead of injecting collaborators.

	# Tradeoffs between this and Sandi's version are that in this case the API consumer doesn't
	# have to know how to make a RandomEchoHouse (no `house = House.new(formatter: Whatever.new)`),
	# but also the API consumer can't make anything not already accounted for either.

	Plugboard = Hash[*('A'..'Z').to_a.sample(20)]
	Plugboard.merge!(Plugboard.invert)
	Plugboard.default_proc = proc { \|_, key\| key }

	def build_a_rotor
	Hash[('A'..'Z').zip(('A'..'Z').to_a.shuffle)]
	end

	ROTOR_1, ROTOR_2, ROTOR_3 = build_a_rotor, build_a_rotor, build_a_rotor

	# decode_session_cookie.rb
	# ------------------------
	# The purpose of this script is to show that if I have the secret_key_base
	# and a cookie to an active Rails session, I can decrypt it and gain access
	# to key information about the user's session.

	require 'rubygems'
	require 'cgi'
	require 'active_support'

	class Api::UploadsController < ApiController

	def create
	@upload = Upload.new(upload_params)
	ensure
	clean_tempfile
	end

	private

	# config/routes.rb
	resources :documents do
	scope module: 'documents' do
	resources :versions do
	post :restore, on: :member
	end

	resource :lock
	end
	end