Critical XZ Utils / SSH backdoor (CVE-2024-3094): Test and Fix

Brandon Lee
  • Vulnerability Overview: A maintainer of the XZ Utils project hid malicious code in the project's binary test files. The build scripts shipped in the 5.6.0 and 5.6.1 release tarballs extract that code during compilation and link it into liblzma, so the backdoor never appears in the readable source tree. On distributions that patch OpenSSH to link libsystemd, sshd loads liblzma at startup; the backdoor hooks the RSA public-key check (RSA_public_decrypt) so that an attacker holding a specific private key can pass commands that run as root without authenticating.

  • Affected Systems: Any system that built or installed XZ Utils/liblzma 5.6.0 or 5.6.1 from the official release tarballs carries the backdoor, whether the library is used directly or loaded by a binary such as sshd. Distributions that shipped those versions include openSUSE Tumbleweed, Fedora 40 (beta) and Fedora Rawhide, Debian unstable (sid) and testing, Arch Linux, Gentoo, and some container or embedded distributions such as Alpine Linux. Exploitation through SSH additionally requires an sshd that loads liblzma; Arch Linux, Gentoo and Alpine do not link sshd against libsystemd, so the SSH path does not apply there, but the library should still be replaced. Stable releases such as RHEL 9 and Ubuntu 22.04 LTS ship older 5.x versions and are not affected.

  • Testing System Exposure: A script is provided to check whether a host is exposed. It runs ldd on the sshd binary to find the liblzma it loads, scans that library for the byte signature of the backdoored function, and reports the host as probably vulnerable if the signature is found (or probably not vulnerable if sshd does not load liblzma at all). It needs no root privileges, since ldd and the library file are readable by any user. Pair it with a version check (xz --version, or the liblzma.so.5.6.x soname): a 5.6.0 or 5.6.1 version identifies an affected release even where the signature scan misses.

  • Remediation: Recommended steps are to disable internet-facing SSH access temporarily and offer an alternative such as VPN access, to update (or downgrade) xz and liblzma to a clean version through the distribution's package manager, to restrict SSH with firewall rules to trusted source addresses until the fix is in place, and to use behaviour-based detection to catch post-exploitation activity. openSUSE specifically advises wiping and reinstalling any Tumbleweed host whose sshd was reachable from the internet, because a compromise cannot be ruled out after the fact. The original post links to update instructions for the affected distributions.

  • Key takeaways: CVE-2024-3094 is a critical supply-chain compromise that gives an attacker with the matching key unauthenticated root-level command execution through sshd on affected systems. Users and administrators should check their exposure and apply the recommended mitigations, updating the library or reinstalling the system, to protect against exploitation.
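The exposure check described under "Testing System Exposure", written out as an added POSIX shell script that is not the article's own script. It follows the same approach (ldd on sshd, then a byte-signature scan of the liblzma it loads) and adds a version check as a second signal. The BACKDOOR_SIG value is the one circulated in public detection scripts for CVE-2024-3094 and is assumed correct here; the function names are this example's own, and the "library" it scans at the end is a constructed sample, not a real binary.

```shell
#!/bin/sh
# Added example for CVE-2024-3094, not the article's script. Finds the liblzma
# that sshd loads and classifies it two ways: by version (5.6.0 / 5.6.1 are
# the backdoored releases) and by the byte signature reported for the
# backdoored function. BACKDOOR_SIG is taken from the publicly circulated
# detection script and is assumed correct; your distribution's advisory is
# the authoritative source. Function and variable names are this example's own.

BACKDOOR_SIG="f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410"

# Read ldd output on stdin and print the liblzma path it names, if any.
liblzma_path_from_ldd() {
    grep 'liblzma' | grep -o '/[^ ]*' | head -n 1
}

# Pull the version out of a resolved soname such as /usr/lib64/liblzma.so.5.6.1.
version_from_soname() {
    printf '%s\n' "$1" | sed -n 's/.*liblzma\.so\.\([0-9][0-9.]*\)$/\1/p'
}

# True (0) only for the two releases that shipped the backdoor.
version_is_backdoored() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# True (0) if the file contains the signature bytes. od is POSIX; hexdump is not.
file_has_signature() {
    od -An -v -tx1 "$1" | tr -d ' \n' | grep -q "$BACKDOOR_SIG"
}

# Print "backdoored", "suspect" or "clean" for one liblzma file.
classify_liblzma() {
    lib="$1"
    ver="$(version_from_soname "$(readlink -f "$lib")")"
    if file_has_signature "$lib"; then
        echo backdoored          # payload present, whatever the version says
    elif version_is_backdoored "$ver"; then
        echo suspect             # affected release, payload not found: replace it anyway
    else
        echo clean
    fi
}

# Host check; needs no root, since ldd and the library file are world-readable.
check_sshd() {
    sshd_bin="$(command -v sshd || echo /usr/sbin/sshd)"
    if [ ! -x "$sshd_bin" ]; then
        echo "sshd not installed; nothing to check"
        return 0
    fi
    path="$(ldd "$sshd_bin" 2>/dev/null | liblzma_path_from_ldd)"
    if [ -z "$path" ]; then
        echo "sshd does not load liblzma: not exposed through sshd"
        return 0
    fi
    printf '%s -> %s\n' "$path" "$(classify_liblzma "$path")"
}

# --- constructed test input (not a real library) -----------------------------

# Write an even-length hex string to stdout as raw bytes, using POSIX printf
# octal escapes so it works without xxd.
hex_to_bytes() {
    hex="$1"
    while [ -n "$hex" ]; do
        byte="${hex%"${hex#??}"}"      # first two hex digits
        hex="${hex#??}"
        printf "$(printf '\\%03o' "$((0x$byte))")"
    done
}

# A fake "library": a few filler bytes around the signature, so the scanner
# can be exercised offline.
make_sample_lib() {
    {
        hex_to_bytes "7f454c46deadbeef"
        hex_to_bytes "$BACKDOOR_SIG"
        hex_to_bytes "c3c3c3"
    } > "$1"
}

sample="${TMPDIR:-/tmp}/xz_sample.$$"
make_sample_lib "$sample"
printf 'constructed sample -> %s\n' "$(classify_liblzma "$sample")"   # backdoored
rm -f "$sample"
check_sshd
```

A "suspect" result (5.6.x version, no signature match) still calls for replacing the library: the version check catches builds the signature scan cannot, and a distribution package at that version should be downgraded regardless. A "clean" result from this script only covers the sshd path; a backdoored liblzma loaded by other software is still a compromised library.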

Posted: 04/04/2024 2:14 pm