cvelistv5 - CVE-2024-3094

Source	URL	Tags
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2024/03/29/10
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2024/03/29/12
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2024/03/29/4
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2024/03/29/5
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2024/03/29/8
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2024/03/30/12
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2024/03/30/27
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2024/03/30/36
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2024/03/30/5
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2024/04/16/5
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-3094	Vendor Advisory
secalert@redhat.com	https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger-problem/
secalert@redhat.com	https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/	Third Party Advisory
secalert@redhat.com	https://aws.amazon.com/security/security-bulletins/AWS-2024-002/	Third Party Advisory
secalert@redhat.com	https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz
secalert@redhat.com	https://boehs.org/node/everything-i-know-about-the-xz-backdoor	Third Party Advisory
secalert@redhat.com	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024	Mailing List, Vendor Advisory
secalert@redhat.com	https://bugs.gentoo.org/928134	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2272210	Issue Tracking, Vendor Advisory
secalert@redhat.com	https://bugzilla.suse.com/show_bug.cgi?id=1222124	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405	Third Party Advisory
secalert@redhat.com	https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27	Third Party Advisory
secalert@redhat.com	https://github.com/advisories/GHSA-rxwq-x6h5-x525	Third Party Advisory
secalert@redhat.com	https://github.com/amlweems/xzbot
secalert@redhat.com	https://github.com/karcherm/xz-malware	Third Party Advisory
secalert@redhat.com	https://gynvael.coldwind.pl/?lang=en&id=782	Technical Description, Third Party Advisory
secalert@redhat.com	https://lists.debian.org/debian-security-announce/2024/msg00057.html	Mailing List, Third Party Advisory
secalert@redhat.com	https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html	Third Party Advisory
secalert@redhat.com	https://lwn.net/Articles/967180/	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://news.ycombinator.com/item?id=39865810	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://news.ycombinator.com/item?id=39877267	Issue Tracking
secalert@redhat.com	https://news.ycombinator.com/item?id=39895344
secalert@redhat.com	https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/	Third Party Advisory
secalert@redhat.com	https://research.swtch.com/xz-script
secalert@redhat.com	https://research.swtch.com/xz-timeline
secalert@redhat.com	https://security-tracker.debian.org/tracker/CVE-2024-3094	Third Party Advisory
secalert@redhat.com	https://security.alpinelinux.org/vuln/CVE-2024-3094	Third Party Advisory
secalert@redhat.com	https://security.archlinux.org/CVE-2024-3094	Third Party Advisory
secalert@redhat.com	https://security.netapp.com/advisory/ntap-20240402-0001/
secalert@redhat.com	https://tukaani.org/xz-backdoor/	Issue Tracking, Vendor Advisory
secalert@redhat.com	https://twitter.com/LetsDefendIO/status/1774804387417751958	Third Party Advisory
secalert@redhat.com	https://twitter.com/debian/status/1774219194638409898	Press/Media Coverage
secalert@redhat.com	https://twitter.com/infosecb/status/1774595540233167206	Press/Media Coverage
secalert@redhat.com	https://twitter.com/infosecb/status/1774597228864139400	Press/Media Coverage
secalert@redhat.com	https://ubuntu.com/security/CVE-2024-3094	Third Party Advisory
secalert@redhat.com	https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094	Third Party Advisory, US Government Resource
secalert@redhat.com	https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils	Third Party Advisory
secalert@redhat.com	https://www.kali.org/blog/about-the-xz-backdoor/
secalert@redhat.com	https://www.openwall.com/lists/oss-security/2024/03/29/4	Mailing List
secalert@redhat.com	https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users	Vendor Advisory
secalert@redhat.com	https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils	Third Party Advisory
secalert@redhat.com	https://www.theregister.com/2024/03/29/malicious_backdoor_xz/	Press/Media Coverage
secalert@redhat.com	https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094
secalert@redhat.com	https://xeiaso.net/notes/2024/xz-vuln/	Third Party Advisory

Vendor	Product

Red Hat	Red Hat Enterprise Linux 6
Red Hat	Red Hat Enterprise Linux 7
Red Hat	Red Hat Enterprise Linux 8
Red Hat	Red Hat Enterprise Linux 9
Red Hat	Red Hat JBoss Enterprise Application Platform 8

ghsa-rxwq-x6h5-x525

Vulnerability from github

Published

2024-03-29 18:30

Modified

2024-03-29 18:30

Severity

10.0 (Critical) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-3094"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-506"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-29T17:15:21Z",
    "severity": "CRITICAL"
  },
  "details": "Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.",
  "id": "GHSA-rxwq-x6h5-x525",
  "modified": "2024-03-29T18:30:43Z",
  "published": "2024-03-29T18:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3094"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3094"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272210"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2024/03/29/4"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2024-3094

Vulnerability from gsd

Modified

2024-04-03 05:02

Details

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

Aliases

CVE-2024-3094

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-3094"
      ],
      "details": "Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. \r\nThrough a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.",
      "id": "GSD-2024-3094",
      "modified": "2024-04-03T05:02:29.955063Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2024-3094",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Red Hat Enterprise Linux 6",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 7",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 9",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat JBoss Enterprise Application Platform 8",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Andres Freund for reporting this issue."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. \r\nThrough a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-506",
                "lang": "eng",
                "value": "Embedded Malicious Code"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://access.redhat.com/security/cve/CVE-2024-3094",
            "refsource": "MISC",
            "url": "https://access.redhat.com/security/cve/CVE-2024-3094"
          },
          {
            "name": "https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger-problem/",
            "refsource": "MISC",
            "url": "https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger-problem/"
          },
          {
            "name": "https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/",
            "refsource": "MISC",
            "url": "https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/"
          },
          {
            "name": "https://aws.amazon.com/security/security-bulletins/AWS-2024-002/",
            "refsource": "MISC",
            "url": "https://aws.amazon.com/security/security-bulletins/AWS-2024-002/"
          },
          {
            "name": "https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz",
            "refsource": "MISC",
            "url": "https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz"
          },
          {
            "name": "https://boehs.org/node/everything-i-know-about-the-xz-backdoor",
            "refsource": "MISC",
            "url": "https://boehs.org/node/everything-i-know-about-the-xz-backdoor"
          },
          {
            "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024",
            "refsource": "MISC",
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024"
          },
          {
            "name": "https://bugs.gentoo.org/928134",
            "refsource": "MISC",
            "url": "https://bugs.gentoo.org/928134"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2272210",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272210"
          },
          {
            "name": "https://bugzilla.suse.com/show_bug.cgi?id=1222124",
            "refsource": "MISC",
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1222124"
          },
          {
            "name": "https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405",
            "refsource": "MISC",
            "url": "https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405"
          },
          {
            "name": "https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27",
            "refsource": "MISC",
            "url": "https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27"
          },
          {
            "name": "https://github.com/advisories/GHSA-rxwq-x6h5-x525",
            "refsource": "MISC",
            "url": "https://github.com/advisories/GHSA-rxwq-x6h5-x525"
          },
          {
            "name": "https://github.com/amlweems/xzbot",
            "refsource": "MISC",
            "url": "https://github.com/amlweems/xzbot"
          },
          {
            "name": "https://github.com/karcherm/xz-malware",
            "refsource": "MISC",
            "url": "https://github.com/karcherm/xz-malware"
          },
          {
            "name": "https://gynvael.coldwind.pl/?lang=en\u0026id=782",
            "refsource": "MISC",
            "url": "https://gynvael.coldwind.pl/?lang=en\u0026id=782"
          },
          {
            "name": "https://lists.debian.org/debian-security-announce/2024/msg00057.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-security-announce/2024/msg00057.html"
          },
          {
            "name": "https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html",
            "refsource": "MISC",
            "url": "https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html"
          },
          {
            "name": "https://lwn.net/Articles/967180/",
            "refsource": "MISC",
            "url": "https://lwn.net/Articles/967180/"
          },
          {
            "name": "https://news.ycombinator.com/item?id=39865810",
            "refsource": "MISC",
            "url": "https://news.ycombinator.com/item?id=39865810"
          },
          {
            "name": "https://news.ycombinator.com/item?id=39877267",
            "refsource": "MISC",
            "url": "https://news.ycombinator.com/item?id=39877267"
          },
          {
            "name": "https://news.ycombinator.com/item?id=39895344",
            "refsource": "MISC",
            "url": "https://news.ycombinator.com/item?id=39895344"
          },
          {
            "name": "https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/",
            "refsource": "MISC",
            "url": "https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/"
          },
          {
            "name": "https://research.swtch.com/xz-script",
            "refsource": "MISC",
            "url": "https://research.swtch.com/xz-script"
          },
          {
            "name": "https://research.swtch.com/xz-timeline",
            "refsource": "MISC",
            "url": "https://research.swtch.com/xz-timeline"
          },
          {
            "name": "https://security-tracker.debian.org/tracker/CVE-2024-3094",
            "refsource": "MISC",
            "url": "https://security-tracker.debian.org/tracker/CVE-2024-3094"
          },
          {
            "name": "https://security.alpinelinux.org/vuln/CVE-2024-3094",
            "refsource": "MISC",
            "url": "https://security.alpinelinux.org/vuln/CVE-2024-3094"
          },
          {
            "name": "https://security.archlinux.org/CVE-2024-3094",
            "refsource": "MISC",
            "url": "https://security.archlinux.org/CVE-2024-3094"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20240402-0001/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20240402-0001/"
          },
          {
            "name": "https://tukaani.org/xz-backdoor/",
            "refsource": "MISC",
            "url": "https://tukaani.org/xz-backdoor/"
          },
          {
            "name": "https://twitter.com/LetsDefendIO/status/1774804387417751958",
            "refsource": "MISC",
            "url": "https://twitter.com/LetsDefendIO/status/1774804387417751958"
          },
          {
            "name": "https://twitter.com/debian/status/1774219194638409898",
            "refsource": "MISC",
            "url": "https://twitter.com/debian/status/1774219194638409898"
          },
          {
            "name": "https://twitter.com/infosecb/status/1774595540233167206",
            "refsource": "MISC",
            "url": "https://twitter.com/infosecb/status/1774595540233167206"
          },
          {
            "name": "https://twitter.com/infosecb/status/1774597228864139400",
            "refsource": "MISC",
            "url": "https://twitter.com/infosecb/status/1774597228864139400"
          },
          {
            "name": "https://ubuntu.com/security/CVE-2024-3094",
            "refsource": "MISC",
            "url": "https://ubuntu.com/security/CVE-2024-3094"
          },
          {
            "name": "https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094",
            "refsource": "MISC",
            "url": "https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094"
          },
          {
            "name": "https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils",
            "refsource": "MISC",
            "url": "https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils"
          },
          {
            "name": "https://www.kali.org/blog/about-the-xz-backdoor/",
            "refsource": "MISC",
            "url": "https://www.kali.org/blog/about-the-xz-backdoor/"
          },
          {
            "name": "https://www.openwall.com/lists/oss-security/2024/03/29/4",
            "refsource": "MISC",
            "url": "https://www.openwall.com/lists/oss-security/2024/03/29/4"
          },
          {
            "name": "https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users",
            "refsource": "MISC",
            "url": "https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users"
          },
          {
            "name": "https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils",
            "refsource": "MISC",
            "url": "https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils"
          },
          {
            "name": "https://www.theregister.com/2024/03/29/malicious_backdoor_xz/",
            "refsource": "MISC",
            "url": "https://www.theregister.com/2024/03/29/malicious_backdoor_xz/"
          },
          {
            "name": "https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094",
            "refsource": "MISC",
            "url": "https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094"
          },
          {
            "name": "https://xeiaso.net/notes/2024/xz-vuln/",
            "refsource": "MISC",
            "url": "https://xeiaso.net/notes/2024/xz-vuln/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:tukaani:xz:5.6.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "73F1DAD7-F362-4C5B-B980-2E5313C369DA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:tukaani:xz:5.6.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "55782A0B-B9C5-4536-A885-84CAB7029C09",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. \r\nThrough a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library."
          },
          {
            "lang": "es",
            "value": "Se descubri\u00f3 c\u00f3digo malicioso en los archivos tar ascendentes de xz, a partir de la versi\u00f3n 5.6.0. A trav\u00e9s de una serie de ofuscaciones complejas, el proceso de compilaci\u00f3n de liblzma extrae un archivo objeto premanipulado de un archivo de prueba disfrazado existente en el c\u00f3digo fuente, que luego se utiliza para modificar funciones espec\u00edficas en el c\u00f3digo de liblzma. Esto da como resultado una librer\u00eda liblzma modificada que puede ser utilizada por cualquier software vinculado a esta librer\u00eda, interceptando y modificando la interacci\u00f3n de datos con esta librer\u00eda."
          }
        ],
        "id": "CVE-2024-3094",
        "lastModified": "2024-04-12T07:15:08.740",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 6.0,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 6.0,
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-03-29T17:15:21.150",
        "references": [
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-3094"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger-problem/"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://aws.amazon.com/security/security-bulletins/AWS-2024-002/"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://boehs.org/node/everything-i-know-about-the-xz-backdoor"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List",
              "Vendor Advisory"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking",
              "Third Party Advisory"
            ],
            "url": "https://bugs.gentoo.org/928134"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking",
              "Vendor Advisory"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272210"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking",
              "Third Party Advisory"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1222124"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://github.com/advisories/GHSA-rxwq-x6h5-x525"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://github.com/amlweems/xzbot"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://github.com/karcherm/xz-malware"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Technical Description",
              "Third Party Advisory"
            ],
            "url": "https://gynvael.coldwind.pl/?lang=en\u0026id=782"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-security-announce/2024/msg00057.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking",
              "Third Party Advisory"
            ],
            "url": "https://lwn.net/Articles/967180/"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking",
              "Third Party Advisory"
            ],
            "url": "https://news.ycombinator.com/item?id=39865810"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://news.ycombinator.com/item?id=39877267"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://news.ycombinator.com/item?id=39895344"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://research.swtch.com/xz-script"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://research.swtch.com/xz-timeline"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2024-3094"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.alpinelinux.org/vuln/CVE-2024-3094"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.archlinux.org/CVE-2024-3094"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://security.netapp.com/advisory/ntap-20240402-0001/"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking",
              "Vendor Advisory"
            ],
            "url": "https://tukaani.org/xz-backdoor/"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://twitter.com/LetsDefendIO/status/1774804387417751958"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Press/Media Coverage"
            ],
            "url": "https://twitter.com/debian/status/1774219194638409898"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Press/Media Coverage"
            ],
            "url": "https://twitter.com/infosecb/status/1774595540233167206"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Press/Media Coverage"
            ],
            "url": "https://twitter.com/infosecb/status/1774597228864139400"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://ubuntu.com/security/CVE-2024-3094"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory",
              "US Government Resource"
            ],
            "url": "https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://www.kali.org/blog/about-the-xz-backdoor/"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2024/03/29/4"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Press/Media Coverage"
            ],
            "url": "https://www.theregister.com/2024/03/29/malicious_backdoor_xz/"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://xeiaso.net/notes/2024/xz-vuln/"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-506"
              }
            ],
            "source": "secalert@redhat.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

wid-sec-w-2024-0762

Vulnerability from csaf_certbund

Published

2024-04-01 22:00

Modified

2024-04-01 22:00

Summary

xz: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

XZ Utils bietet eine universelle Datenkompressionsbibliothek sowie Befehlszeilenwerkzeuge.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Debian Linux, SUSE Linux, Arch Linux, Fedora Linux, xz und Gentoo Linux ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "XZ Utils bietet eine universelle Datenkompressionsbibliothek sowie Befehlszeilenwerkzeuge.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Debian Linux, SUSE Linux, Arch Linux, Fedora Linux, xz und Gentoo Linux ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0762 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0762.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0762 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0762"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Alert vom 2024-04-01",
        "url": "https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database",
        "url": "https://github.com/advisories/GHSA-rxwq-x6h5-x525"
      },
      {
        "category": "external",
        "summary": "Red Hat Bugzilla \u2013 Bug 2272210",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272210"
      },
      {
        "category": "external",
        "summary": "CISA Report",
        "url": "https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094"
      },
      {
        "category": "external",
        "summary": "Statement des Autors von xz",
        "url": "https://tukaani.org/xz-backdoor/"
      },
      {
        "category": "external",
        "summary": "Proof of Concept (PoC)",
        "url": "https://github.com/amlweems/xzbot"
      }
    ],
    "source_lang": "en-US",
    "title": "xz: Schwachstelle erm\u00f6glicht Ausf\u00fchren von beliebigem Programmcode",
    "tracking": {
      "current_release_date": "2024-04-01T22:00:00.000+00:00",
      "generator": {
        "date": "2024-04-02T11:52:22.663+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0762",
      "initial_release_date": "2024-04-01T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-01T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "unstable",
                "product": {
                  "name": "Debian Linux unstable",
                  "product_id": "T033830",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:debian:debian_linux:unstable"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux"
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "T033781",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T033788",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Arch Linux",
            "product": {
              "name": "Open Source Arch Linux",
              "product_id": "T033780",
              "product_identification_helper": {
                "cpe": "cpe:/o:archlinux:archlinux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Open Source OpenSSH",
            "product": {
              "name": "Open Source OpenSSH",
              "product_id": "8223",
              "product_identification_helper": {
                "cpe": "cpe:/a:openbsd:openssh:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Tumbleweed",
                "product": {
                  "name": "SUSE Linux Tumbleweed",
                  "product_id": "T033783",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_linux:tumbleweed"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "MicroOS",
                "product": {
                  "name": "SUSE Linux MicroOS",
                  "product_id": "T033784",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_linux:microos"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.6.0",
                "product": {
                  "name": "Open Source xz 5.6.0",
                  "product_id": "T033785",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:tukaani:xz:5.6.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5.6.1",
                "product": {
                  "name": "Open Source xz 5.6.1",
                  "product_id": "T033786",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:tukaani:xz:5.6.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "xz"
          }
        ],
        "category": "vendor",
        "name": "tukaani"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-3094",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt eine Schwachstelle in xz aufgrund von eingebettetem b\u00f6sartigen Code, der eine Hintert\u00fcr bildet. Diese Bibliothek wird unter anderem im OpenSSH-Server verwendet. Der Backdoor-Code erlaubt es bestimmten entfernten Angreifern (die einen bestimmten privaten Schl\u00fcssel besitzen), beliebigen Payload \u00fcber SSH zu senden, der auf dem Server vor dem Authentifizierungsschritt ausgef\u00fchrt wird. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode mit den Rechten des SSH-Dienstes auszuf\u00fchren und so das System zu kompromittieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "8223",
          "T033788",
          "T033785",
          "T033786",
          "T033830",
          "T033780",
          "T033783",
          "T033784",
          "T033781"
        ]
      },
      "release_date": "2024-04-01T22:00:00Z",
      "title": "CVE-2024-3094"
    }
  ]
}

Action not permitted

CVE-2024-3094

Vulnerability from cvelistv5

ghsa-rxwq-x6h5-x525

Vulnerability from github

gsd-2024-3094

Vulnerability from gsd

wid-sec-w-2024-0762

Vulnerability from csaf_certbund

Tags