CVE-2024-3094 is a reported supply chain compromise of the xz libraries. The resulting interference with sshd authentication could enable an attacker to gain unauthorized access to the system.
Malicious code was identified within the xz upstream tarballs, beginning with version 5.6.0. This malicious code is introduced through a sophisticated obfuscation technique during the liblzma build process. A prebuilt object file is extracted and cleverly hidden within a test file in the source code. This object file then alters specific functions within the liblzma code. Consequently, any software that relies on this compromised version of liblzma may unknowingly interact with a modified library. This manipulation allows for the interception and alteration of data handled by the library.
A great breakdown can be found on linuxiac.com.
CVE-2024-3094 was likely detected before it could significantly impact downstream production, preventing widespread issues. This early detection is reassuring and highlights the importance of vigilance, yet it shouldn’t lead to a false sense of security. You should take the following steps:
Test your applications within the OX Active ASPM Platform. (Note: you can sign up for a free trial if you don’t have OX. The connection is agentless, is based on APIs, and takes less than a minute to deploy.)
To discover the usage of XZ libraries:
In the example, the scanned application is not running on Fedora and is free of the malicious code. Running the scan saves time because you do not have to review each application by hand.
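For teams that do not have a scanner in place, the same triage can be scripted on each host. The script below is an added example, not code from the OX Security post or the OX platform. It assumes a Linux host with `xz --version` and `ldd` available, treats the upstream releases 5.6.0 and 5.6.1 named in public advisories as the affected versions, and reports whether the local `sshd` binary links `liblzma` at all (which is the precondition for the backdoor's interference with sshd authentication).

```shell
#!/bin/sh
# Added example for CVE-2024-3094 triage (not from the original post).
# Assumptions: Linux host, xz-utils and ldd present, sshd at its usual path.

# Return 0 (true) when the given xz/liblzma version is one of the backdoored
# upstream releases (5.6.0 and 5.6.1 per public advisories), 1 otherwise.
is_affected_version() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Extract the bare version ("5.4.6") from the first line of `xz --version`
# output, which looks like "xz (XZ Utils) 5.4.6". Reads the output from stdin.
parse_xz_version() {
    head -n 1 | sed -n 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# Print the ldd line for liblzma if the sshd binary links it (directly or via
# libsystemd). Returns 1 when sshd is absent or does not link liblzma.
sshd_links_liblzma() {
    sshd_path=$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)
    [ -x "$sshd_path" ] || return 1
    ldd "$sshd_path" 2>/dev/null | grep -i liblzma
}

# Run both checks and print a one-line verdict for each.
check_host() {
    if command -v xz >/dev/null 2>&1; then
        ver=$(xz --version 2>/dev/null | parse_xz_version)
        if [ -z "$ver" ]; then
            echo "xz: installed but version string not recognised; inspect manually"
        elif is_affected_version "$ver"; then
            echo "xz $ver: AFFECTED upstream release (CVE-2024-3094); update and rotate SSH keys"
        else
            echo "xz $ver: not an affected upstream release"
        fi
    else
        echo "xz: not installed"
    fi

    if out=$(sshd_links_liblzma); then
        echo "sshd links liblzma: $out"
    else
        echo "sshd does not link liblzma (or sshd not present)"
    fi
}

check_host
```

A host that reports an affected version should be treated as compromised rather than merely out of date: downgrade or update the package from your distribution, then restart `sshd`. Distributions sometimes patch the backdoor out while keeping the 5.6.x version number, so confirm against your vendor's advisory before relying on the version string alone.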
Thank you to Andres Freund for his pivotal role in identifying and reporting CVE-2024-3094, to Lasse Collin, the maintainer of xz-utils, for promptly providing updates and working alongside the community to mitigate the security risks involved, and to the security teams whose swift actions have been crucial in coordinating a response. Your contributions, underscored by collaborative efforts, are immensely valued and show how essential the community is in averting larger incidents.
OX Security will continue to monitor this situation and provide updates as events unfold. Follow us on LinkedIn and check the OX Security Blog for any developments.
Here are the main links from different providers:
The post Understanding and Mitigating the Fedora Rawhide Vulnerability (CVE-2024-3094) appeared first on OX Security.
This is a Security Bloggers Network syndicated blog from OX Security authored by Lior Arzi. Read the original post at: https://www.ox.security/understanding-and-mitigating-the-fedora-rawhide-vulnerability-cve-2024-3094/