04.03.2024

Critical Linux XZ Utils Vulnerability

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 04/2/2024

Action Level - Critical

Description

The mentioned vulnerability is a result of a supply-chain attack done to the XZ utils repository. The malicious code was committed to the project by one its maintainers, the code allows specific remote attackers to send arbitrary payloads through an SSH certificate which will be executed in a manner that circumvents authentication protocols, effectively seizing control over the victim machine.

Fixed Versions

XZ Utils users should downgrade to an older version of the utility immediately (i.e., any version before 5.6.0) and update their installations and packages according to distribution maintainer directions.

Attack Vector

Authentication bypass and RCE, caused by malicious code placed into the XZ utils source code. The malicious code hijacks the SSH daemon and starts making several outbound connections to C2 servers.

Attack Feasibility 

If running a malicious version of XZ utils, then your machine is already compromised. See the below sources to get a better understanding of how the backdoor functions.

Mitigation/Remediation

Immediately downgrade XZ utils to a non-impacted version (any version before 5.6.0).

Resources

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC