The following is an excerpt from our new module on the recent XZ Utils backdoor, CVE-2024-3094.
On Mar 29, 2024, at 12:00 PM ET, Andres Freund posted on the Openwall mailing list about a backdoor he discovered in the XZ Utils package. The backdoor targeted the OpenSSH binary, allowing remote code execution on impacted machines. The backdoor was not present in the GitHub repository; it existed only in release versions of the package, which hid its presence.
Given that XZ Utils had been installed (directly or indirectly) on billions of Linux systems worldwide, this finding stunned the international Linux and infosec communities.
Understanding the Timeline of the Attack
In late 2021,
The post Behind Enemy Lines: Understanding the Threat of the XZ Backdoor appeared first on OffSec.