Well this is fucking lovely....
Malicious code was discovered in the upstream tarballs of "xz" which then affects liblzma.
Downstream there may be backdoors in various implementations of "sshd".
Versions Affected:
- Fedora 41
- Fedora Rawhide
- openSUSE Tumbleweed
- Debian testing, unstable, experimental distributions
- Kali updates between March 26th and March 29th
Original notice here:
https://www.openwall.com/lists/oss-security/2024/03/29/4
Red Hat CVE: https://nvd.nist.gov/vuln/detail/CVE-2024-3094
Red Hat Security Blog Post: https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
Arch Linux Security Post: https://archlinux.org/news/the-xz-package-has-been-backdoored/
Debian Security Post: https://lists.debian.org/debian-security-announce/2024/msg00057.html
openSUSE Security Post: https://news.opensuse.org/2024/03/29/xz-backdoor/
Kali Linux announcement: https://infosec.exchange/@kalilinux/112180505434870941
Article here: https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/
#infosec #linux #foss #hacking #cve20243094 #cve
As of the information we have currently, the following is true. Should more information come to light, we will continue to keep this situation updated. The xz package, starting from versions 5.6.0 to 5.6.1, was found to contain a backdoor. This backdoor could potentially allow a malicious actor to compromise sshd authentication, granting unauthorized access to the entire system remotely. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today to address this issue. However, if you did not update your Kali installation before the 26th, you are not affected by this backdoor vulnerability.
More information can be found at https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/ and https://www.openwall.com/lists/oss-security/2024/03/29/4
Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) - Help Net Security
A vulnerability (CVE-2024-3094) in XZ Utils may enable a malicious actor to gain unauthorized access to Linux systems remotely. Zeljka Zorz (Help Net Security)
Urgent security alert for Fedora Linux 40 and Fedora Rawhide users
Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access. (Red Hat)
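A check against the version range quoted above (xz 5.6.0 through 5.6.1), as an added example that is not part of the original thread or any distro's tooling. The package names `liblzma5` and `xz-libs`, the function names and the sample version strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify an xz/liblzma package version against the range
# stated in the thread (5.6.0 through 5.6.1). Verdicts: affected,
# not-in-range, unknown (string could not be reduced to X.Y.Z; review by hand).

# Reduce a distro package version to the upstream X.Y.Z it really carries.
normalize_xz_version() {
    v=$1
    v=${v#*:}                                       # drop an epoch such as "1:"
    case $v in *+really*) v=${v##*+really} ;; esac  # Debian-style "+really": real version follows
    v=${v%%-*}                                      # drop the package revision
    # Accept only a plain X.Y.Z; anything else prints nothing.
    printf '%s\n' "$v" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)$/\1/p'
}

xz_verdict() {
    up=$(normalize_xz_version "$1")
    case $up in
        5.6.0|5.6.1) echo affected ;;
        '')          echo unknown ;;
        *)           echo not-in-range ;;
    esac
}

# Ask the package manager rather than executing xz itself.
# Package names are assumptions: liblzma5 (dpkg), xz-libs (rpm).
installed_liblzma_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' liblzma5 2>/dev/null
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' xz-libs 2>/dev/null
    fi
}

# Constructed sample version strings, not taken from any real host.
for s in 5.6.0-0.2 1:5.6.1-3.fc41 5.6.1+really5.4.5-1 5.4.5-0.3 garbage; do
    printf '%-24s %s\n' "$s" "$(xz_verdict "$s")"
done

inst=$(installed_liblzma_version || true)
[ -n "$inst" ] && printf 'installed: %s -> %s\n' "$inst" "$(xz_verdict "$inst")"
:
```

A verdict of `unknown` covers reverted or otherwise renamed package versions this sketch does not parse, so treat it as a prompt to check the distro advisory linked in the post.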
Tinker ☀️
A couple things to think about here:
This appears to be a malicious maintainer - not a compromised account. Meaning the person themselves coded this in and pushed it out.
So:
1) Did they try and backdoor any other code?
2) Are they part of a greater campaign or is anyone else helping them?
This is a massive breach of trust.
That said! Huge kudos to Andres Freund, Florian Weimer, and others in finding this.
A lot of eyes are on this now. CISA is involved. Major distros are involved, etc. Many eyes and such.
#infosec #linux #foss #hacking #cve20243094 #cve
Tinker ☀️
That backdoor in sshd (via xz / liblzma) affects recent versions of Kali Linux:
Kali Linux announced that the impact of this vulnerability affected Kali between March 26th and March 29th. If you updated your Kali installation on or after March 26th, applying the latest updates today is crucial to address this issue. However, if you did not update your Kali installation before the 26th, you are not affected by this backdoor vulnerability.
More info here:
https://infosec.exchange/@kalilinux/112180505434870941
#infosec #hacking #cve20243094
Kali Linux
2024-03-29 18:57:49