Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)
A vulnerability in XZ Utils, the XZ format compression utilities included in most Linux distributions, may "enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely," Red Hat warns.
The cause of the vulnerability is actually malicious code present in versions 5.6.0 and 5.6.1 of the xz libraries, which was accidentally found by Andres Freund, a PostgreSQL developer and software engineer at Microsoft.
"Luckily xz 5.6.0 and 5.6.1 have not yet widely been integrated by Linux distributions, and where they have, mostly in pre-release versions."
"The malicious code found in the latest versions of the xz libraries show just how critical it is to have a vigilant and veteran Linux security team monitoring software supply chain channels," Vincent Danen, VP, Product Security at Red Hat, told Help Net Security.
"Red Hat, along with CISA and other Linux distributions, were able to identify, assess and help remediate this potential threat before it posed a significant risk to the broader Linux community."
CISA has advised developers and users to downgrade XZ Utils to an uncompromised version and to hunt for any malicious activity and report any positive findings to the agency.
News URL
https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/