A serious vulnerability in the form of a backdoor has been discovered in the software library liblzma of XZ Utils. XZ Utils in a data compression application that is present in many versions (distributions) of the Linux operating system. The vulnerability is referred to as CVE-2024-3094 and has been given a CVSS score of 10, which is the highest possible CVSS score. The National Cyber Security Center (NCSC) has designated the vulnerability as High/High. This means that there is a high chance that these vulnerabilities will be exploited and that the damage could be significant.
What is going on?
Within this vulnerability there is a so-called ‘backdoor’. This is a backdoor in the software that can be used by an attacker to gain access to a system without login credentials. It is still unclear what exactly is needed to bypass authentication, but it is expected that abuse or an exploit will occur soon. The code that makes this backdoor possible is hidden in certain versions (5.6.0 and 5.6.1) of the XZ Utils software. This software is available in many different Linux versions. At this time, it appears that vulnerable versions of XZ Utils have not yet been included in the most mainstream ‘production’ versions of various Linux distributions.
What can I do?
If you use Linux within your organization, the Digital Trust Center (DTC) advises you to check as soon as possible whether a vulnerable version of XZ Utils is being used. See the (security) advice from the various distributions, including Red Hat and Debian. It is also possible to check whether and, if so, which version of XZ Utils is installed, using the following command:
xz -V
Example:
root@srv:~# xz -V
xz (XZ Utils) 5.4.2
liblzma 5.4.2
If it turns out that you are using a vulnerable version (5.6.0 and 5.6.1) of XZ Utils, it is advisable to remove these versions as soon as possible and use an older version (downgrade).
This article is a submitted article and is beyond the responsibility of the editors.
Tags: Backdoor discovered commonly Linux software
