Security News > 2024 > April > New XZ backdoor scanner detects implant in any Linux binary
Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094.
Late last month, Microsoft engineer Andres Freud discovered the backdoor in the latest version of the XZ Utils package while investigating unusually slow SSH logins on Debian Sid, a rolling release of the Linux distribution.
Following the discovery of the backdoor, a detection and remediation effort was started, with CISA proposing downgrading the XZ Utils 5.4.6 Stable and hunting for and reporting any malicious activity.
To address this problem, Binarly developed a dedicated scanner that would work for the particular library and any file carrying the same backdoor.
"One of the core techniques used by the XZ backdoor to gain initial control during execution is the GNU Indirect Function attribute for the GCC compiler to resolve indirect function calls in runtime," explains Binarly.
Red Hat warns of backdoor in XZ tools used by most Linux distros.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-29 | CVE-2024-3094 | Embedded Malicious Code vulnerability in Tukaani XZ 5.6.0/5.6.1 Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. | 10.0 |