⚠️
Disclaimer: This mail is being sent to spread awareness. Please do not press the panic button.
Dear Tractus-X community,
I have summarized below the basic information needed to be aware of CVE-2024-3094.
I hope that you find this useful.
CVE-2024-3094:
Critical SSH Backdoor in XZ Utils (Linux): CVSS score of 10
The backdoor was discovered by Andres Freund (Microsoft) on March 29, 2024.
Technical Details
- Affected Software: XZ Utils versions 5.6.0 and 5.6.1
- Vulnerability Type: Code Injection (CWE-78)
- Impact: Remote Code Execution (RCE), Potential Privilege Escalation
Summary:
A critical backdoor vulnerability (CVE-2024-3094) exists in XZ Utils versions 5.6.0 and 5.6.1.
This backdoor allows remote attackers to execute code on vulnerable systems without authentication.
What is the impact of CVE-2024-3094?
The vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the affected target, as the user running the SSH service.
How it Works:
The backdoor injects malicious code into the OpenSSH server (SSHD) on the target machine.
This code allows attackers with a specific private key to:
- Send arbitrary commands through SSH before authentication.
- Bypass SSH password authentication and log in with any password.
How to Check:
Run the following command:
strings $(which xz) | grep '5\.6\.[01]'
If it outputs a version number starting with "5.6.0" or "5.6.1", your system is vulnerable.
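As an added example (not part of the original mail), the script below performs the same check by parsing "xz --version" instead of grepping strings out of the binary, matches the two affected releases exactly, and also reports whether the sshd binary links liblzma, the library the backdoor ships in. It assumes a Linux host with xz and ldd on PATH; the fallback sshd path /usr/sbin/sshd and the hypothetical version 5.6.10 used in a comment are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original mail: classify the installed XZ Utils
# release against the two affected versions (5.6.0, 5.6.1) and report whether
# sshd links liblzma. Assumes a Linux host with xz and ldd on PATH; the sshd
# path /usr/sbin/sshd is only a fallback guess if "command -v" finds nothing.

# Return 0 only for the exact affected versions. An exact match avoids a false
# positive on a hypothetical 5.6.10 that a bare grep for 5.6.[01] would hit.
xz_version_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Pull the version out of "xz --version" output, whose first line on upstream
# builds reads "xz (XZ Utils) 5.x.y".
parse_xz_version() {
    printf '%s\n' "$1" | sed -n '1s/^xz (XZ Utils) \([0-9][0-9.]*\).*$/\1/p'
}

# Return 0 if the sshd binary (transitively) links liblzma, 1 if it does not,
# 2 if sshd cannot be found. On distributions that patch OpenSSH for systemd
# notification, sshd pulls liblzma in through libsystemd.
sshd_links_liblzma() {
    sshd_path=$(command -v sshd 2>/dev/null || printf '/usr/sbin/sshd')
    [ -x "$sshd_path" ] || return 2
    ldd "$sshd_path" 2>/dev/null | grep -q 'liblzma'
}

# Run both checks on this host. Exit status 0 means an affected xz is installed.
check_host() {
    out=$(xz --version 2>/dev/null) || { echo "xz not found on PATH"; return 2; }
    ver=$(parse_xz_version "$out")
    sshd_links_liblzma && lz_rc=0 || lz_rc=$?
    case $lz_rc in
        0) lz="sshd links liblzma" ;;
        1) lz="sshd does not link liblzma" ;;
        *) lz="sshd not found" ;;
    esac
    if xz_version_affected "$ver"; then
        echo "xz $ver: AFFECTED by CVE-2024-3094 ($lz)"
        return 0
    fi
    echo "xz $ver: not one of the affected releases ($lz)"
    return 1
}

if [ "${1:-}" = "--run" ]; then check_host; fi
```

Run it as "sh check_xz.sh --run"; a host that reports an affected version should be treated as compromised until the package is replaced, regardless of what the liblzma line says.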
Mitigation:
Downgrade XZ Utils to a version not affected by the backdoor (e.g., XZ Utils 5.4.6 Stable).

Mit freundlichen Grüßen/Kind regards
Rohan Krishnamurthy
CyS Dev.Technology & Infrastructure (DIRCI)
ZF Group
Corporate Research and Development
ZF RACE ENGINEERING GmbH
Uni-Campus Nord D52, 66123 Saarbrücken, Deutschland/Germany
Telefon/Phone: +496819205486
rohan.krishnamurthy@xxxxxx