CVE-2024-3094 is a reported supply chain compromise of the xz libraries. The resulting interference with sshd authentication could enable an attacker to gain unauthorized access to the system.
Malicious code was identified within the xz upstream tarballs, beginning with version 5.6.0. This malicious code is introduced through a sophisticated obfuscation technique during the liblzma build process. A prebuilt object file is extracted and cleverly hidden within a test file in the source code. This object file then alters specific functions within the liblzma code. Consequently, any software that relies on this compromised version of liblzma may unknowingly interact with a modified library. This manipulation allows for the interception and alteration of data handled by the library.
A great breakdown can be found on linuxiac.com.
CVE-2024-3094 was likely detected before it could significantly impact downstream production, preventing widespread issues. This early detection is reassuring and highlights the importance of vigilance, yet it shouldn’t lead to a false sense of security. You should take the following steps:
Test your applications within the OX Active ASPM Platform. (Note: you can sign up for a free trial if you don’t have OX. The connection is agentless, is based on APIs, and takes less than a minute to deploy.)
To discover the usage of XZ libraries:
In the example, the scanned application is not running on Fedora and is free of the malicious code. Running the scan saves time, as you do not have to review each application individually.
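For teams without the platform, the same check can be scripted on a host. The following is an added example (not OX Security's code): it flags the xz-utils releases whose upstream tarballs carried the CVE-2024-3094 payload (5.6.0 and 5.6.1), parses the version out of `xz --version` output, and reports whether a binary such as sshd has liblzma among its dynamic dependencies. The function names and the constructed sample strings are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post. Defensive check for
# CVE-2024-3094: identify affected xz-utils releases and liblzma linkage.

# Return 0 (true) when the version string is one of the affected upstream releases.
xz_version_is_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Extract the version number from the first line of `xz --version` output,
# e.g. "xz (XZ Utils) 5.6.1". The output is passed in as a string so the
# function can be exercised offline with constructed input.
parse_xz_version() {
    printf '%s\n' "$1" | head -n 1 | sed -n 's/.*XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# Given `ldd <binary>` output as a string, return 0 if liblzma is a dependency.
# On a real host: links_liblzma "$(ldd "$(command -v sshd)")"
links_liblzma() {
    printf '%s\n' "$1" | grep -q 'liblzma'
}

# Live check of the local host: returns 0 if an affected xz is installed,
# 1 if not, 2 if xz is absent. Only runs when XZ_CHECK_LIVE=1 is set.
xz_check_host() {
    out="$(xz --version 2>/dev/null)" || { echo "xz not installed"; return 2; }
    ver="$(parse_xz_version "$out")"
    if xz_version_is_affected "$ver"; then
        echo "AFFECTED: xz $ver matches CVE-2024-3094; update per your distribution's advisory"
        return 0
    fi
    echo "xz $ver is not one of the affected releases"
    return 1
}

if [ "${XZ_CHECK_LIVE:-0}" = "1" ]; then
    xz_check_host
fi
```

Run with `XZ_CHECK_LIVE=1 sh check_xz.sh` on each host; a version match is a signal to follow the distribution's advisory, not proof on its own that the backdoor is active.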
Thank you to Andres Freund for his pivotal role in identifying and reporting CVE-2024-3094, Lasse Collin, the maintainer of xz-utils, for promptly providing updates and working alongside the community to mitigate the security risks involved, and to the security teams whose swift actions have been crucial in coordinating a response. Your contributions, underscored by collaborative efforts, are immensely valued and show how community is essential in averting larger incidents.
OX Security will continue to monitor this situation and provide updates as events unfold. Follow us on LinkedIn and check the OX Security Blog for any developments.
Here are the main links from different providers:
The post Understanding and Mitigating the Fedora Rawhide Vulnerability (CVE-2024-3094) appeared first on OX Security.
*** This is a Security Bloggers Network syndicated blog from OX Security authored by Lior Arzi. Read the original post at: https://www.ox.security/understanding-and-mitigating-the-fedora-rawhide-vulnerability-cve-2024-3094/