Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

26-October-2024
Fusion Cyber

A secret backdoor has been discovered in the XZ Utils compression library, used by several major Linux distributions including Fedora, Kali Linux, and openSUSE. This has been reported by The Hacker News.

Key Details:

  • Vulnerability: CVE-2024-3094, with a CVSS score of 10.0 (maximum severity).
  • Affected Versions: XZ Utils 5.6.0 (released February 24) and 5.6.1 (released March 9).
  • Impact: The backdoored liblzma alters the behaviour of the OpenSSH server. On distributions whose sshd is linked against libsystemd (which in turn loads liblzma), the malicious code hooks sshd's RSA public-key handling so that a remote attacker holding the matching private key can execute arbitrary commands before authentication completes. In practice this is unauthenticated remote code execution on any exposed sshd that loaded the tampered library.
  • Discovery: Andres Freund, a Microsoft engineer and PostgreSQL developer, discovered and reported the issue.
  • Attribution: The malicious code was introduced via commits by a user named Jia Tan (JiaT75) to the Tukaani Project on GitHub. The repository has since been disabled by GitHub.
  • Affected Distributions: Fedora 41 and Fedora Rawhide shipped the affected versions, as did the Fedora 40 beta; rolling or development branches such as Debian testing/unstable, openSUSE Tumbleweed, and Kali Linux also packaged 5.6.x during the exposure window. Stable releases of Alpine Linux, Amazon Linux, Debian Stable, Gentoo Linux, Linux Mint, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise and Leap, and Ubuntu did not ship the affected versions and are not impacted.
  • Recommendation: Downgrade to XZ Utils 5.4.6 (or a similarly uncompromised version) as a precaution. Fedora 40 users are advised to downgrade to a 5.4 build.

How the Backdoor Works:

The malicious code is heavily obfuscated and does not appear in the project's Git source tree. The 5.6.0 and 5.6.1 release tarballs carry a modified build script (an m4 macro) that, while liblzma is being built, extracts a prebuilt object file hidden inside binary files in the test-suite directory and links it into the library; the injection only triggers for x86-64 Linux builds packaged as deb or rpm. At load time the injected code uses glibc's IFUNC mechanism to replace liblzma's CRC resolver functions and, when it detects that it has been loaded into an sshd process, hooks OpenSSH's RSA signature verification, allowing the attacker to intercept and modify data exchanged during the SSH handshake.
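As an added illustration (example code written for this page, not tooling from the XZ project, the reporters, or the distributions named above): the two quickest host-level checks a responder can run for this issue are the installed liblzma version and whether the local sshd binary is dynamically linked against liblzma, since that link is how the hidden object file reached OpenSSH. The script below implements both checks and the downgrade decision from the Recommendation above; the sshd path /usr/sbin/sshd and the sample xz version text are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): quick triage for CVE-2024-3094.
# Signals used:
#   1. the liblzma version reported by `xz --version` (5.6.0 and 5.6.1 are the
#      backdoored releases; anything else is treated as clean here)
#   2. whether the sshd binary is dynamically linked against liblzma, which is
#      the path the backdoor used to reach the OpenSSH server on deb/rpm distros
# The sshd path and the sample version output below are assumptions.

# Return 0 (true) if the given version string is one of the affected releases.
xz_version_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Read `xz --version` output on stdin and print the liblzma version.
# Real xz prints two lines:  "xz (XZ Utils) X.Y.Z" then "liblzma X.Y.Z".
parse_liblzma_version() {
    awk '$1 == "liblzma" { print $2; exit }'
}

# Classify a captured `xz --version` text as AFFECTED, CLEAN, or UNKNOWN
# (UNKNOWN when no liblzma line is present, e.g. xz is not installed).
classify_xz_output() {
    ver="$(printf '%s\n' "$1" | parse_liblzma_version)"
    if [ -z "$ver" ]; then
        echo UNKNOWN
    elif xz_version_affected "$ver"; then
        echo AFFECTED
    else
        echo CLEAN
    fi
}

# Return 0 if the sshd binary links liblzma, 1 if it does not, 2 if the
# binary is missing or not executable. Path defaults to /usr/sbin/sshd (assumed).
sshd_links_liblzma() {
    sshd_path="${1:-/usr/sbin/sshd}"
    [ -x "$sshd_path" ] || return 2
    ldd "$sshd_path" 2>/dev/null | grep -q 'liblzma'
}

# Constructed sample output, matching the real two-line format of `xz --version`.
SAMPLE_XZ_VERSION_OUTPUT='xz (XZ Utils) 5.6.1
liblzma 5.6.1'

# Run the live checks against this host and print a verdict.
check_host() {
    out="$(xz --version 2>/dev/null)"
    case "$(classify_xz_output "$out")" in
        AFFECTED)
            echo "AFFECTED: liblzma $(printf '%s\n' "$out" | parse_liblzma_version) (CVE-2024-3094); downgrade to a 5.4.x build" ;;
        CLEAN)
            echo "liblzma $(printf '%s\n' "$out" | parse_liblzma_version) is not an affected release" ;;
        UNKNOWN)
            echo "xz not found; liblzma may still be installed as a library, check your package manager" ;;
    esac
    rc=0
    sshd_links_liblzma /usr/sbin/sshd || rc=$?
    case "$rc" in
        0) echo "sshd is linked against liblzma: exposed path if the library is backdoored" ;;
        1) echo "sshd does not link liblzma" ;;
        *) echo "sshd binary not found at /usr/sbin/sshd" ;;
    esac
}

# Run as:  sh xz_check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_host
fi
```

The version check alone is not sufficient proof of safety on a host that was rebuilt from source or that received a backported package, so the sshd linkage check is kept separate: a host whose sshd never loads liblzma is not reachable through this backdoor even if a 5.6.x library is present, while a host where it does link should be treated as compromised until the library is replaced.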

Responses:

  • Red Hat: Issued an urgent security alert.
  • JFrog: Provided analysis on the backdoor's functionality.
  • GitHub: Disabled the affected XZ Utils repository.
  • CISA: Issued an alert urging users to downgrade.

Note: At the time of this report, there are no reports of active exploitation in the wild.
