Author Topic: Does Malicious Backdoor Compromise SSH?  (Read 796 times)

0 Members and 1 Guest are viewing this topic.

Offline Elderberry

  • TBR Contributor
  • *****
  • Posts: 24,345
Does Malicious Backdoor Compromise SSH?
« on: April 02, 2024, 11:34:47 am »
Lawrence Person's BattleSwarm Blog 4/1/2024

A newly discovered backdoor found in the xz liblzma library of XZ Utils, the XZ format compression utilities included in most Linux distributions, targets the RSA implementation of OpenSSH.

For those outside of tech, that sentence was an unreadable jumble of acronyms. For those inside tech, a chill probably ran down their spine, as those technologies are everywhere. Anytime anyone buys something online, they’re going to be using SSH to create a secure channel to pass transaction information. Depending on how many distros are using that library, the consequence range from “bad” to “really, really bad.”


    A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns.

    The cause of the vulnerability is actually malicious code present in versions 5.6.0 (released in late February) and 5.6.1 (released on March 9) of the xz libraries, which was accidentally found by Andres Freund, a PostgreSQL developer and software engineer at Microsoft.

    “After observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors) I figured out the answer: The upstream xz repository and the xz tarballs have been backdoored,” he shared via the oss-security mailing list.

    According to Red Hat, the malicious injection in the vulnerable versions of the libraries is obfuscated and only included in full in the download package.


Offline Sighlass

  • Hero Member
  • *****
  • Posts: 6,252
  • Didn't vote for McCain Dole Romney Trump !
Re: Does Malicious Backdoor Compromise SSH?
« Reply #1 on: April 02, 2024, 08:42:36 pm »
Linux... Open Source is still subject to human interference (or government owned/China).... Face it, I don't understand the code, the fact that it can be altered in ways I can't understand makes it dangerous.

Basically a developer got pressured to give up access to his project... They (hacker) shamed him for not having time to keep up with updates and he gave them access to alter code...
« Last Edit: April 02, 2024, 08:43:23 pm by Sighlass »
Exodus 18:21 Furthermore, you shall select out of all the people able men who fear God, men of truth, those who hate dishonest gain; and you shall place these over them as leaders over ....