Security News > 2024 > April > New XZ backdoor scanner detects implant in any Linux binary

New XZ backdoor scanner detects implant in any Linux binary
2024-04-02 14:33

Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094.

Late last month, Microsoft engineer Andres Freud discovered the backdoor in the latest version of the XZ Utils package while investigating unusually slow SSH logins on Debian Sid, a rolling release of the Linux distribution.

Following the discovery of the backdoor, a detection and remediation effort was started, with CISA proposing downgrading the XZ Utils 5.4.6 Stable and hunting for and reporting any malicious activity.

To address this problem, Binarly developed a dedicated scanner that would work for the particular library and any file carrying the same backdoor.

"One of the core techniques used by the XZ backdoor to gain initial control during execution is the GNU Indirect Function attribute for the GCC compiler to resolve indirect function calls in runtime," explains Binarly.

Red Hat warns of backdoor in XZ tools used by most Linux distros.


News URL

https://www.bleepingcomputer.com/news/security/new-xz-backdoor-scanner-detects-implant-in-any-linux-binary/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-03-29 CVE-2024-3094 Embedded Malicious Code vulnerability in Tukaani XZ 5.6.0/5.6.1
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.
network
low complexity
tukaani CWE-506
critical
10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 17 373 2478 1533 666 5050