Recherche : [CVE-2024-3094]

XZ Utils Supply Chain Puzzle: Binarly Ships Free Scanner for CVE-2024-3094 Backdoor https://www.binarly.io/blog/xz-utils-supply-chain-puzzle-binarly-ships-free-scanner-for-cve-2024-3094-backdoor

03/04/2024 17:01:35

On March 29, right before Easter weekend, we received notifications about something unusual happening with the open-source project XZ Utils, which provides lossless data compression on virtually all Unix-like operating systems, including Linux.

The initial warning was sent to the Open Source Security mailing list sent by Andres Freund, who discovered that XZ Utils versions 5.6.0 and 5.6.1 are impacted by a backdoor. A few hours later, the US government’s CISA and OpenSSF warned about a critical problem: an installed XZ backdoored version could lead to unauthorized remote access.

GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) https://github.com/amlweems/xzbot?tab=readme-ov-file#ed448-patch

01/04/2024 18:42:40

notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) - amlweems/xzbot

What we know about the xz Utils backdoor that almost infected the world https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/

01/04/2024 14:31:08

Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.

Check if you're vulnerable to CVE-2024-3094 https://www.latio.tech/posts/CVE-2024-3094

01/04/2024 10:36:57

CVE-2024-3094 is the new hot one and it’s extremely critical; however, impact should be limited as most normal linux distros are unaffected. Here’s some stuff to know:

xz-utils backdoor situation https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27?ref=news.risky.biz

01/04/2024 10:36:09

This is still a new situation. There is a lot we don't know. We don't know if there are more possible exploit paths. We only know about this one path. Please update your systems regardless. Unknown unknowns are safer than known unknowns.

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't know much about what's going on.

xz/liblzma: Bash-stage Obfuscation Explained - gynvael.coldwind//vx.log https://gynvael.coldwind.pl/?lang=en&id=782

01/04/2024 10:35:47

esterday Andres Freund emailed oss-security@ informing the community of the discovery of a backdoor in xz/liblzma, which affected OpenSSH server (huge respect for noticing and investigating this). Andres' email is an amazing summary of the whole drama, so I'll skip that. While admittedly most juicy and interesting part is the obfuscated binary with the backdoor, the part that caught my attention – and what this blogpost is about – is the initial part in bash and the simple-but-clever obfuscation methods used there. Note that this isn't a full description of what the bash stages do, but rather a write down of how each stage is obfuscated and extracted.

XZ Utils backdoor https://tukaani.org/xz-backdoor/

30/03/2024 16:28:24

This page is short for now but it will get updated as I learn more about the incident. Most likely it will be during the first week of April 2024.

The Git repositories of XZ projects are on git.tukaani.org.

xz.tukaani.org DNS name (CNAME) has been removed. The XZ projects currently don’t have a home page. This will be fixed in a few days.

Urgent security alert for Fedora 41 and Fedora Rawhide users https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

29/03/2024 19:26:40

Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access.

Liens par page

Filtres