July 17th, 2024

The XZ Backdoor Is More Interesting Than It Should Be

A backdoor in xz Utils, a Linux compression tool, allowed SSH hijacking. It was discovered by Andres Freund and linked to contributor Jia Tan, a suspected state-sponsored hacker. The incident emphasizes open-source vulnerabilities and the community's detection capabilities.


The discovery of a backdoor in xz Utils, a data compression tool widely used in Linux, revealed a sophisticated and potentially dangerous infiltration. The backdoor, which allowed hijacking of SSH connections, was found by Andres Freund after he noticed unusual behavior in the software. Investigation traced the malicious code to a contributor named Jia Tan, suspected to be a state-sponsored hacker. Tan's gradual involvement in the project, including social engineering tactics, led to the insertion of the backdoor. Experts believe this operation, possibly state-backed, was aimed at long-term infiltration. The incident highlights the vulnerabilities in open-source software but also showcases the community's ability to detect such threats. Had it gone undetected, the backdoor could have granted unauthorized access to millions of computers worldwide. The incident underscores the importance of vigilance in maintaining software integrity and the ongoing battle against sophisticated cyber threats.

Related

XZ backdoor: Hook analysis

Kaspersky experts analyzed the XZ backdoor in OpenSSH 9.7p1, revealing hidden connections, SSH authentication bypass, and remote code execution capabilities. The backdoor manipulates RSA keys, uses steganography, and executes commands.

The Dirty Pipe Vulnerability

The Dirty Pipe Vulnerability (CVE-2022-0847) in Linux kernel versions since 5.8 allowed unauthorized overwriting of data in read-only files; it was fixed in versions 5.16.11, 5.15.25, and 5.10.102. It was discovered through CRC errors in log files, which revealed systematic corruption linked to ZIP file headers and caused by a kernel bug in Linux 5.10. The bug's origin was pinpointed by replicating the data transfer issue between processes with C programs, exposing the faulty commit. Changes in the pipe buffer code had affected how data is transferred, emphasizing the intricate nature of kernel development and the interactions between software components.

RegreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems

A vulnerability in OpenSSH's server on glibc-based Linux systems (CVE-2024-6387) allows remote code execution. Exploiting this flaw requires precise timing. The advisory discusses exploitation details, success rates, and how to contact the developers about related issues.

Remote Unauthenticated Code Execution in OpenSSH Server

Qualys found regreSSHion, a critical RCE flaw in OpenSSH on glibc-based Linux systems. Over 14 million servers are at risk, with potential root access. Qualys created an exploit but is delaying its release to allow time for patching.

Exploring Novel File System Objects for Data-Only Attacks on Linux Systems

The study explores data-only attacks on Linux systems, identifying critical file system objects for exploitation without requiring Kernel Address Space Layout Randomization. It presents novel exploit strategies and evaluates them against real-world vulnerabilities.