Supply Chain Attack via XZ Library Resulting in SSH Backdoor [CVE-2024-3094]

Ingrid

A backdoor [CVE-2024-3094] was introduced into liblzma5, a small but crucial compression library maintained by the Tukaani project. Because the SSH server on affected systems loads this library, the backdoor also reached SSH, a common remote administration service that is frequently exposed to the Internet. The backdoor can allow remote code execution when the attacker presents a payload carrying a signature that the backdoor validates. If the payload is malformed or the attacker's signature does not verify, the backdoor falls back to normal SSH operation. The backdoor reached the unstable (development) releases of several Linux distributions as well as the mainline branches of xz itself.

Cybersecurity news: April 1, 2024: Supply chain attack details and tracking started.

Impacted Systems

xz version 5.6.0 and later. Other applications that link liblzma5 may also be affected.

Remediation & Mitigation

Follow the CISA recommendations and revert xz to a stable version released before 5.6.0.

Resources

NIST, "CVE-2024-3094 Detail"
Openwall, "Backdoor in Upstream XZ/Liblzma Leading to SSH Server Compromise"
Red Hat, "CVE-2024-3094"

April 1, 2024: Published.
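The remediation above comes down to one question per host: is the installed liblzma in the impacted range (5.6.0 and later)? The following POSIX shell script is an added example, not part of the original advisory or of the xz project; it parses the output of `xz --version` (assumed here to contain a line of the form `liblzma X.Y.Z`) and flags any version at or above 5.6.0 so the host can be rolled back. The sample output embedded in the script is constructed for demonstration, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether an installed xz/liblzma
# falls in the range the advisory lists as impacted, i.e. 5.6.0 and later.

# Pull the liblzma version out of `xz --version` output, which is assumed to
# look like:
#   xz (XZ Utils) 5.6.1
#   liblzma 5.6.1
xz_version_from_output() {
    printf '%s\n' "$1" | awk '/^liblzma / {print $2; exit}'
}

# Exit status 0 when version $1 (X.Y.Z) is 5.6.0 or later (impacted),
# 1 when it is older, 2 when the string cannot be parsed as a version.
xz_version_impacted() {
    ver="${1%%-*}"                      # drop a "-alpha"/"-beta" style suffix
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major$minor" in *[!0-9]*|"") return 2 ;; esac
    # Threshold is 5.6.0, so the patch component never changes the answer.
    if [ "$major" -gt 5 ]; then return 0; fi
    if [ "$major" -eq 5 ] && [ "$minor" -ge 6 ]; then return 0; fi
    return 1
}

# Check the real host: runs xz if it is installed and prints a verdict.
# Exit status 0 means "impacted" so the function can drive a fleet-wide check.
check_installed_xz() {
    if ! command -v xz >/dev/null 2>&1; then
        echo "xz not installed"
        return 1
    fi
    out=$(xz --version 2>/dev/null)
    v=$(xz_version_from_output "$out")
    if xz_version_impacted "$v"; then
        echo "IMPACTED: liblzma $v is 5.6.0 or later; roll back to a release before 5.6.0"
        return 0
    fi
    echo "ok: liblzma ${v:-unknown} is outside the impacted range"
    return 1
}

# Constructed sample output (not captured from a real host) to demonstrate parsing.
SAMPLE_OUTPUT='xz (XZ Utils) 5.6.1
liblzma 5.6.1'

sample_version=$(xz_version_from_output "$SAMPLE_OUTPUT")
if xz_version_impacted "$sample_version"; then
    echo "sample: liblzma $sample_version is in the impacted range"
else
    echo "sample: liblzma $sample_version is outside the impacted range"
fi
```

To audit a real host, call `check_installed_xz` (for example by appending it to the script); its exit status makes it easy to collect results from many machines with a configuration-management or SSH loop. Note that the version check only tells you whether a host is in the impacted range; it does not by itself prove that a given package build carries the backdoor, so treat a hit as "roll back and investigate" rather than as a definitive verdict.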