🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)!

I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis progresses! 🧐 #infosec #xz

@fr0gger I think I understood the attack so far that the #xz binary would later infect #OpenSSH to make it vulnerable to #RemoteCodeExecution. Am I wrong or could you extend the chart with that mechanism? That'd be great!

@dboehmer This isn’t about the xz binary at all. The repository in question contains the source code of both the xz binary and liblzma. OpenSSH on some Linux distributions has liblzma as a dependency (via some intermediates). That’s how the backdoor made it into the OpenSSH process where it could compromise its functionality.
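A quick way to see the dependency chain the reply above describes is to ask the dynamic loader what an sshd binary actually pulls in. The following POSIX shell script is an added example, not code from the thread or from the xz or OpenSSH projects: `ldd` lists the transitive shared-library set, so liblzma appears even though sshd never links it directly (on distributions that patch sshd to link libsystemd, that library is the intermediate). The two ldd outputs embedded below are constructed samples, not captured from a real host; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example: does an sshd binary (transitively) load liblzma?
# `ldd` resolves the full transitive set of shared objects, which is why
# liblzma shows up for an sshd that only links an intermediate such as
# libsystemd. Presence of liblzma shows the library is mapped into the
# sshd process; it does not by itself say whether that build is malicious.

# lzma_loaded OUTPUT: exit 0 if the ldd output passed in $1 lists liblzma.
lzma_loaded() {
    printf '%s\n' "$1" | grep -q 'liblzma\.so'
}

# lzma_path OUTPUT: print the resolved liblzma path from the ldd output in $1
# (prints nothing when liblzma is not loaded).
lzma_path() {
    printf '%s\n' "$1" | awk '/liblzma\.so/ { print $3; exit }'
}

# Constructed sample ldd outputs (hypothetical addresses and paths).
# An sshd patched to link libsystemd: liblzma arrives via that intermediate.
SAMPLE_SYSTEMD_SSHD='	linux-vdso.so.1 (0x00007ffc4a1f0000)
	libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f2a1c200000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f2a1c1d0000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f2a1bfe0000)'

# An unpatched upstream-style sshd: no liblzma anywhere in the chain.
SAMPLE_PLAIN_SSHD='	linux-vdso.so.1 (0x00007ffc4a1f0000)
	libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f2a1c200000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f2a1bfe0000)'

# check_sshd: run the same test against the sshd installed on this host.
# Returns 0 if liblzma is loaded, 1 if not, 2 if the check could not run.
check_sshd() {
    sshd_bin=$(command -v sshd 2>/dev/null) || sshd_bin=/usr/sbin/sshd
    [ -x "$sshd_bin" ] || { echo "no sshd binary found"; return 2; }
    out=$(ldd "$sshd_bin" 2>/dev/null) || { echo "ldd failed on $sshd_bin"; return 2; }
    if lzma_loaded "$out"; then
        echo "$sshd_bin loads $(lzma_path "$out") (liblzma is inside the sshd process)"
        return 0
    fi
    echo "$sshd_bin does not load liblzma"
    return 1
}

# Demonstrate on the constructed samples, then on the live host (if any).
lzma_loaded "$SAMPLE_SYSTEMD_SSHD" && echo "sample 1: liblzma via $(lzma_path "$SAMPLE_SYSTEMD_SSHD")"
lzma_loaded "$SAMPLE_PLAIN_SSHD" || echo "sample 2: no liblzma in the chain"
check_sshd || :
```

One caveat worth keeping in mind: `ldd` runs the dynamic loader on the target, so on a binary you do not trust use `objdump -p` or `readelf -d` to read the NEEDED entries statically instead, and walk the intermediates by hand.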

@fr0gger