Sysadmin by day, Sysadmin by night \o/
Infosec Interested, Tinkering with Open Source and stuff :D
Twitter: https://twitter.com/Georg311
xz-utils backdoor situation (CVE-2024-3094)

Everything I know about the XZ backdoor

Please note: This is being updated in real-time. The intent is to make sense of lots of simultaneous discoveries

I accidentally found a security issue while benchmarking postgres changes.

If you run debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.

https://www.openwall.com/lists/oss-security/2024/03/29/4

oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise

As of the information we have currently, the following is true. Should more information come to light, we will continue to keep this situation updated.

The xz package, starting from versions 5.6.0 to 5.6.1, was found to contain a backdoor. This backdoor could potentially allow a malicious actor to compromise sshd authentication, granting unauthorized access to the entire system remotely. The impact of this vulnerability affected Kali between March 26th and March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today to address this issue. However, if you did not update your Kali installation before the 26th, you are not affected by this backdoor vulnerability.

More information can be found at https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/ and https://www.openwall.com/lists/oss-security/2024/03/29/4

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) - Help Net Security

A vulnerability (CVE-2024-3094) in XZ Utils may enable a malicious actor to gain unauthorized access to Linux systems remotely.

Help Net Security

That backdoor in sshd (via xz / liblzma) affects recent versions of Kali Linux:

Kali Linux announced that the impact of this vulnerability affected Kali between March 26th and March 29th. If you updated your Kali installation on or after March 26th, applying the latest updates today is crucial to address this issue. However, if you did not update your Kali installation before the 26th, you are not affected by this backdoor vulnerability.

More info here:
https://infosec.exchange/@kalilinux/112180505434870941

#infosec #hacking #cve20243094

Kali Linux (@kalilinux@infosec.exchange)


Infosec Exchange
The xz gitlab issues right now https://github.com/tukaani-project/xz/issues/92 🙈
[Bug]: Upstream compromised? Or is the compromise? · Issue #92 · tukaani-project/xz

I understand why the author(s) of the analysis of the backdoor being distributed by this project decided not to notify upstream first since it looks like either the upstream is the compromise or at...

GitHub
So... Under the premise that only #xz version 5.6+ is compromised, LTS OSes seem fine. Ubuntu is still using older versions; Debian is only using newer ones in testing. Kali updated to 5.6 last week, but testing sources were already reverted to a 5.4 version, so one can 'just upgrade'.
@mvilain @SteveBellovin 5.4.6 is the version it downgrades to from 5.6.1, so you are likely up to date. As @jrose said, macOS/M1 are not believed to be affected, but better safe than sorry!
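A host check for the version range these posts talk about (5.6.0 and 5.6.1 affected, 5.4.x fine), added here as an example and not code from any of the posts or from the xz project. It assumes a Linux box with `ldd` and `readlink -f`, and falls back to `/usr/sbin/sshd` when sshd is not on PATH.

```shell
# Added example, not from the original posts: flag the backdoored xz / liblzma
# releases (5.6.0 and 5.6.1, CVE-2024-3094) on a host. File locations are assumptions.

# 0 if the version string is an affected release, 1 otherwise.
# Accepts bare upstream versions and distro-suffixed ones such as 5.6.1-1.
xz_version_affected() {
    case "$1" in
        5.6.0|5.6.1|5.6.0-*|5.6.1-*) return 0 ;;
        *) return 1 ;;
    esac
}

# First line of `xz --version` reads "xz (XZ Utils) 5.6.1"; keep only the number.
parse_xz_version() {
    printf '%s\n' "$1" | sed -n '1s/.*XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# A resolved shared-object path such as /usr/lib/.../liblzma.so.5.6.1 carries the version.
liblzma_version_from_path() {
    case "$1" in
        *liblzma.so.*) printf '%s\n' "${1##*liblzma.so.}" ;;
        *) return 1 ;;
    esac
}

# Check the xz binary and the liblzma that sshd actually maps; return 1 if affected.
check_host() {
    rc=0
    if command -v xz >/dev/null 2>&1; then
        v=$(parse_xz_version "$(xz --version 2>/dev/null)")
        if xz_version_affected "$v"; then echo "AFFECTED: xz $v"; rc=1; else echo "ok: xz $v"; fi
    fi
    sshd=$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)  # assumed default path
    if [ -x "$sshd" ] && command -v ldd >/dev/null 2>&1; then
        lib=$(ldd "$sshd" 2>/dev/null | awk '/liblzma/ { print $3; exit }')
        if [ -n "$lib" ]; then
            lv=$(liblzma_version_from_path "$(readlink -f "$lib")")
            if xz_version_affected "$lv"; then echo "AFFECTED: sshd maps liblzma $lv"; rc=1
            else echo "ok: sshd maps liblzma ${lv:-?}"; fi
        fi
    fi
    return $rc
}

check_host
```

The sshd part matters because sshd does not link liblzma directly; on systemd-based distributions it is pulled in through libsystemd, which is why `ldd` on the binary, not the package list alone, tells you what the daemon actually loads.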
cve-details

Just a backdoor in XZ.
Nothing important.
https://www.openwall.com/lists/oss-security/2024/03/29/4
oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise