Malicious code exists in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file in the source code and uses it to modify specific functions in the liblzma code. The result is a modified liblzma library that any software linked against it will load, and that can intercept and modify the data that software exchanges with the library.

Vulnerable Product |
---|
tukaani xz 5.6.1 |
tukaani xz 5.6.0 |

On March 29, 2024, a single message on the Openwall OSS-security mailing list marked an important discovery for the information security, open source and Linux communities: the discovery of a malicious backdoor in XZ. XZ is a compression utility integrated into many popular distributions of Linux. The particular danger of the backdoored library lies in its use by the OpenSSH server process sshd. On several systemd-based distributions, including Ubuntu, Debian and RedHat/Fedora Linux, OpenSSH is ...

New XZ backdoor scanner detects implant in any Linux binary

By Bill Toulas, April 2, 2024 10:33 AM

Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. CVE-2024-3094 is a supply chain compromise in XZ Utils, a set of data compression tools and libraries used in many major Linux distributions. Late last month, Microsoft engineer Andres Freund discovered the backdoor in the la...

Red Hat warns of backdoor in XZ tools used by most Linux distros

By Sergiu Gatlan, March 29, 2024 01:50 PM

Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries. "PLEASE IMMEDIATELY STOP USAGE OF ANY FEDORA 41 OR FEDORA RAWHIDE INSTANCES for work or personal activity," Red Hat warned on Friday. "No versions of Red Hat Enterprise Linux (RHEL) a...

Red Hat in all caps says STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES

Red Hat on Friday warned that a malicious backdoor found in the widely used data compression library called xz may be present in Fedora Linux 40 and in the Fedora Rawhide developer distribution. The IT giant said the malicious code, which appears to provide remote backdoor access via SSH and systemd, is present in xz 5.6.0 and 5.6.1. The vulnerability has been designated CVE-2024-3094. It is rated 10 out of 10 in CVSS severity. Users of Fedora Linux 40 may have received 5.6.0, depending upon the...
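
A host check for the two affected releases listed on this page, written as an added example (not code from any of the quoted articles or from the xz project). It reads the liblzma version that `xz --version` reports and shows whether the local `sshd` resolves liblzma at load time. The function names and the `/usr/sbin/sshd` fallback path are assumptions.

```shell
#!/bin/sh
# Affected upstream releases named on this page (CVE-2024-3094).
AFFECTED_VERSIONS="5.6.0 5.6.1"

# Return 0 if the given version string is one of the affected releases.
is_affected_version() {
    for v in $AFFECTED_VERSIONS; do
        [ "$1" = "$v" ] && return 0
    done
    return 1
}

# Extract the liblzma version from `xz --version` output read on stdin.
# The library line is the one that matters: the modified code is in liblzma.
liblzma_version() {
    awk '$1 == "liblzma" { print $2; exit }'
}

# Extract the resolved liblzma path from `ldd` output read on stdin.
liblzma_path_from_ldd() {
    awk '$1 ~ /^liblzma\.so/ && $2 == "=>" { print $3; exit }'
}

# Print a verdict for this host; returns 1 if an affected liblzma is found.
check_host() {
    status=0
    if command -v xz >/dev/null 2>&1; then
        ver=$(xz --version 2>/dev/null | liblzma_version)
        if is_affected_version "$ver"; then
            echo "AFFECTED: liblzma $ver (CVE-2024-3094)"; status=1
        else
            echo "ok: liblzma ${ver:-unknown}"
        fi
    else
        echo "xz not installed or not on PATH"
    fi
    # Assumed fallback path: sshd is often outside a non-root user's PATH.
    sshd_bin=$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)
    if [ -x "$sshd_bin" ]; then
        # ldd lists transitive dependencies, so liblzma pulled in by
        # another library of sshd is reported as well.
        lib=$(ldd "$sshd_bin" 2>/dev/null | liblzma_path_from_ldd)
        [ -n "$lib" ] && echo "sshd loads liblzma: $(readlink -f "$lib")"
    fi
    return $status
}

check_host
```

A non-zero exit status means the installed liblzma reports 5.6.0 or 5.6.1. Only run `ldd` against binaries you trust, such as the system's own `sshd`.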