A vulnerability in the form of a backdoor has been discovered in the software library liblzma from XZ Utils. XZ Utils in a data compression application that is present in many versions (distributions) of the Linux operating system, the Digital Trust Center reports.
The vulnerability is referred to as CVE-2024-3094 and has been given a CVSS score of 10, which is the highest possible CVSS score. The National Cyber Security Center (NCSC) has designated the vulnerability as High/High. This means that there is a high chance that these vulnerabilities will be exploited and that the damage could be significant.
This vulnerability involves a so-called ‘backdoor’. This is a backdoor in the software that can be used by an attacker to gain access to a system without login credentials. It is still unclear what exactly is needed to bypass authentication, but it is expected that abuse or an exploit will occur soon. The code that makes this backdoor possible is hidden in certain versions (5.6.0 and 5.6.1) of the XZ Utils software. This software is available in many different Linux versions. At this time, it appears that vulnerable versions of XZ Utils have not yet been included in the most mainstream ‘production’ versions of various Linux distributions.
Click here for the security advice.
The IT world is fast. Don’t miss anything.
The very latest ICT news in your mailbox
By -Editorial staff-
Tags: Backdoor discovered commonly Linux software
