Headline
Backdoor Discovered in XZ Utils: Patch Your Systems Now (CVE-2024-3094)
By Waqas Critical Backdoor Alert! Patch XZ Utils Now (CVE-2024-3094) & Secure Your Linux System. Learn how a hidden backdoor… This is a post from HackRead.com Read the original post: Backdoor Discovered in XZ Utils: Patch Your Systems Now (CVE-2024-3094)
Critical Backdoor Alert! Patch XZ Utils Now (CVE-2024-3094) & Secure Your Linux System. Learn how a hidden backdoor puts Linux at risk and how to patch it immediately.
A critical security vulnerability, designated CVE-2024-3094, was recently discovered in the widely used XZ Utils package. This vulnerability threatens Linux systems with backdoor attacks.
For your information, XZ Utils is a collection of open-source command-line tools for data compression and decompression. It includes the popular xz command and the liblzma library, which is used by other software, most notably OpenSSH – the program that enables secure remote access to Linux systems.
****The Backdoor Explained****
The vulnerability involved a malicious backdoor hidden within the source code of XZ Utils, specifically in the liblzma library. This backdoor code, if triggered, could allow an attacker to gain unauthorized remote access to a vulnerable system through SSH. The attacker wouldn’t even need valid credentials, potentially granting complete control over the system.
****Impact and Discovery****
The potential impact of this vulnerability is severe. An attacker exploiting CVE-2024-3094 could steal sensitive data, install malware, disrupt critical operations, or even use the compromised system to launch further attacks.
Fortunately, the backdoor was discovered by the security community in late March 2024 before widespread distribution. This prevented a large-scale security breach. However, some Linux users remain vulnerable, especially those using unstable or rolling-release distributions.
****Who is Affected?****
According to OpenSSH’s report, the specific versions of XZ Utils containing the backdoor were 5.6.0 and 5.6.1. These versions were only recently released and did not make it into the stable branches of most major Linux distributions. However, users who manually compiled these versions from source code or installed them from non-standard repositories could be at risk.
Commenting on this, John Bambenek, President at Bambenek Consulting warned, “The original reports of this backdoor showed exploitation of this vulnerability via SSH which means it can be triggered even if the victim machine’s users don’t use XZ and its library. It seems this library tends to be installed by default on modern Linux distributions so organizations should immediately prioritize downgrading the package until a safe update is released, even if they don’t use the tools themselves.“
****Mitigation and Prevention****
The most critical step to address this vulnerability is to update your system immediately. Most Linux distributions have released patch updates for XZ Utils. Here’s how to update depending on your distribution:
- Debian/Ubuntu: Use sudo apt update and sudo apt upgrade commands.
- Red Hat/CentOS/Fedora: Use sudo dnf update command.
- Other Distributions: Refer to your distribution’s specific update instructions.
****Lessons Learned****
The discovery of CVE-2024-3094 emphasizes the importance of various security measures. Firstly, keeping software and systems updated with regular patches is crucial to mitigate potential risks.
Secondly, maintaining a sharp review process for open-source projects aids in the early detection of vulnerabilities. Thirdly, promoting security awareness among users and employees through education about risks and best practices is essential for enhancing overall protection. Adhering to these practices enables us to reduce the impact of vulnerabilities like CVE-2024-3094 and safeguard the security of our systems.
- New Linux Malware Alert: ‘Spinning YARN’ Hits Docker
- Crypto Stealing PyPI Malware Hits Windows, Linux Users
- Magnet Goblin Using Ivanti Flaws to Deploy Linux Malware
- Bifrost RAT Variant Hits Linux Devices, Mimics VMware Domain
- Xamalicious Backdoor Infects Android Apps, Affects 327K Devices
Related news
A new report from the Open Software Supply Chain Attack Reference (OSC&R) team provides a framework to reduce how much vulnerable software reaches production.
Zero Trust security changes how organizations handle security by doing away with implicit trust while continuously analyzing and validating access requests. Contrary to perimeter-based security, users within an environment are not automatically trusted upon gaining access. Zero Trust security encourages continuous monitoring of every device and user, which ensures sustained protection after
March 29, 2024 is a day that will hardly be forgotten by the open source community: Andres Freund disclosed his findings about the compromise in the xz compression library, which would enable an attacker to silently gain access to a targeted affected system. How did that coordination work under the hood? In this article we will give a behind the scenes glimpse into what this looked like at Red Hat.DiscoveryOn Wednesday, March 27, Andres contacted the Debian security team via their contact email ([email protected]) and let them know about the oddities he found in a SSH slowdown when using a n
An April 2023 study from Kent State University found that remote workers are more likely to be vigilant of security threats and take actions to ward them off than their in-office counterparts.
Had a Microsoft developer not spotted the malware when he did, the outcome could have been much worse.
Gentoo Linux Security Advisory 202403-4 - A backdoor has been discovered in XZ utils that could lead to remote compromise of systems. Versions less than 5.6.0 are affected.
Debian Linux Security Advisory 5649-1 - Andres Freund discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library.
Updated March 30, 2024: We have determined that Fedora Linux 40 beta does contain two affected versions of xz libraries - xz-libs-5.6.0-1.fc40.x86_64.rpm and xz-libs-5.6.0-2.fc40.x86_64.rpm. At this time, Fedora 40 Linux does not appear to be affected by the actual malware exploit, but we encourage all Fedora 40 Linux beta users to revert to 5.4.x versions.Editor's note: This post has been updated to more clearly articulate the affected versions of Fedora Linux and add additional mitigation methods.Yesterday, Red Hat Information Risk and Security and Red Hat Product Security learned that the l