Malicious code exists in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
Vulnerable Product |
---|
tukaani xz 5.6.1 |
tukaani xz 5.6.0 |
We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component of that landscape. In this report, we present a series of insightful statistical and analytical snapshots relating to the trends in the emergence of new vulnerabilities and exploits, as well as the mos...
On March 29, 2024, a single message on the Openwall OSS-security mailing list marked an important discovery for the information security, open source and Linux communities: the discovery of a malicious backdoor in XZ. XZ is a compression utility integrated into many popular distributions of Linux. The particular danger of the backdoored library lies in its use by the OpenSSH server process sshd. On several systemd-based distributions, including Ubuntu, Debian and RedHat/Fedora Linux, OpenSSH is ...
New XZ backdoor scanner detects implant in any Linux binary
By Bill Toulas, April 2, 2024 10:33 AM
Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. CVE-2024-3094 is a supply chain compromise in XZ Utils, a set of data compression tools and libraries used in many major Linux distributions. Late last month, Microsoft engineer Andres Freund discovered the backdoor in the la...
Red Hat warns of backdoor in XZ tools used by most Linux distros
By Sergiu Gatlan, March 29, 2024 01:50 PM
Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries. "PLEASE IMMEDIATELY STOP USAGE OF ANY FEDORA 41 OR FEDORA RAWHIDE INSTANCES for work or personal activity," Red Hat warned on Friday. "No versions of Red Hat Enterprise Linux (RHEL) a...
Red Hat in all caps says STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES
Red Hat on Friday warned that a malicious backdoor found in the widely used data compression library called xz may be present in Fedora Linux 40 and in the Fedora Rawhide developer distribution. The IT giant said the malicious code, which appears to provide remote backdoor access via SSH and systemd, is present in xz 5.6.0 and 5.6.1. The vulnerability has been designated CVE-2024-3094. It is rated 10 out of 10 in CVSS severity. Users of Fedora Linux 40 may have received 5.6.0, depending upon the...
Developing an effective strategy is a continuous process which requires recurring evaluation and refinement
Partner Content A cyber defense strategy outlines policies, procedures, and technologies to prevent, detect, and respond to cyber attacks. This helps avoid financial loss, reputational damage, and legal repercussions. Developing a cyber defense strategy involves evaluating business risks, implementing security controls and policies, and continuously improving them to address likely risks. A defense strategy includes controls for threat detection, vulnerability management, risk assessments, data ...