Understand how to respond to the announcement of the XZ Utils backdoor.
On March 29th, 2024, a critical security flaw was uncovered in xz-utils, a suite of software widely used for lossless compression in the Linux and macOS ecosystems. This revelation has raised significant concerns due to the potential for unauthorized access and system compromise. The affected versions, namely 5.6.0 and 5.6.1, are part of the xz compression utility that plays a crucial role in compressing various file formats, including release tarballs, software packages, kernel images, and initramfs images.
Various Linux distributions are susceptible to this vulnerability, such as Red Hat’s Fedora 41 and Fedora Rawhide. Red Hat assigned CVE-2024-3094 for this vulnerability with a CVSS score of 10.0 and warned its users to “PLEASE IMMEDIATELY STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES for work or personal activity” until they reverted the compromised library and released the fixed versions.
The backdoor discovered in xz-utils is intricate and indirect, manifesting only under specific conditions. While the full extent of its capabilities is still being investigated, we know it can be triggered by remote, unprivileged systems connecting to public SSH ports. This activation can lead to performance issues and potentially compromise system integrity.
Your system may be vulnerable if you have xz or liblzma versions 5.6.0 or 5.6.1 installed, typically found in rolling-release distributions. Check if your system is running a vulnerable version of the package by running
xz --version
and verify the output is less than 5.6.0.
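The version check above, as an added example that is not part of the original post: a POSIX shell script that parses the output of `xz --version` and flags the two releases named above, with a live audit helper. The two-line output format and the sshd/ldd heuristic in `audit_host` are assumptions, not something the post states.

```shell
#!/bin/sh
# Added example, not from the original post. `xz --version` is assumed to
# print two lines, e.g. (constructed sample): "xz (XZ Utils) 5.6.1" then
# "liblzma 5.6.1".

# Print the version that follows LABEL ("xz" or "liblzma") in version
# output read from stdin; prints nothing if LABEL is not found.
version_of() {
    awk -v want="$1" '$1 == want { print $NF; exit }'
}

# Succeed (0) only for the two releases named above as backdoored.
is_backdoored_version() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Read full `xz --version` output from stdin and print one verdict line
# per component: "<component> <version> AFFECTED|not-affected|unknown".
# Returns 0 if any component is affected, 1 otherwise.
classify_xz_output() {
    out=$(cat)
    affected=1
    for comp in xz liblzma; do
        ver=$(printf '%s\n' "$out" | version_of "$comp")
        if [ -z "$ver" ]; then
            echo "$comp unknown unknown"
        elif is_backdoored_version "$ver"; then
            echo "$comp $ver AFFECTED"
            affected=0
        else
            echo "$comp $ver not-affected"
        fi
    done
    return $affected
}

# Live check of this host. The ldd check is an added heuristic (assumed,
# not from the post): does the installed sshd binary load liblzma at all?
audit_host() {
    command -v xz >/dev/null 2>&1 || { echo "xz not installed"; return 2; }
    xz --version 2>/dev/null | classify_xz_output && rc=0 || rc=$?
    sshd=$(command -v sshd 2>/dev/null || true)
    if [ -n "$sshd" ] && ldd "$sshd" 2>/dev/null | grep -q liblzma; then
        echo "sshd ($sshd) links liblzma"
    fi
    return $rc
}
```

Source the file and call `audit_host`; it exits 0 when an affected version is found, 1 when none is, and 2 when xz is not installed.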
Additional conditions required for the attack:
Given the severity of this vulnerability, prompt action is essential:
The discovery of this backdoor has prompted collaborative efforts within the software community:
The backdoor comprises several components designed to exploit specific conditions:
As investigations continue, it is crucial to remain vigilant and prioritize system updates to mitigate potential risks posed by the xz backdoor. This ongoing situation underscores the importance of proactive security measures and collaborative efforts within the software supply chain to safeguard against evolving threats.
We will update this post as more details emerge.
Contact us if you have questions or concerns about this vulnerability.
*** This is a Security Bloggers Network syndicated blog from Legit Security Blog authored by Ofek Haviv. Read the original post at: https://www.legitsecurity.com/blog/what-you-need-to-know-about-the-xz-utils-backdoor