{"uuid": "ffd55d49-447d-4942-ab59-54bd75d90237", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3094", "type": "published-proof-of-concept", "source": "https://t.me/road_to_oscp/307", "content": "[ XZ backdoor - CVE-2024-3094 ]\n\n! Backdoor in upstream xz/liblzma leading to SSH server compromise !\n\nCheck:\nxz --version\n\n5.6.0 & 5.6.1 \u2014 v u l n e r a b l e\n\nUpdate:\nsudo apt update && sudo apt install --only-upgrade liblzma5\n\nSummary:\nhttps://boehs.org/node/everything-i-know-about-the-xz-backdoor\n\nHow it all started (email): \nhttps://www.openwall.com/lists/oss-security/2024/03/29/4\n\nGitHub Thread:\nhttps://web.archive.org/web/20240329223553/https://github.com/tukaani-project/xz/issues/92\n\nMessage from Kali Linux team:\nhttps://twitter.com/kalilinux/status/1773786266074513523\nThe xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today.\n\nNote that (almost) all Linux distros could be affected!\nFor example, Fedora \u2014 Red Hat warned users to immediately stop using systems running Fedora development and experimental versions:\nhttps://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros\n\nNews:\nhttps://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor\n\nAnd from CISA:\nhttps://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094\n\nSo... JiaT75 made 750 commits in 2 years and finally backdoored XZ...", "creation_timestamp": "2024-03-30T13:40:51.000000Z"}