Critical Backdoor in XZ-Utils Exposed: SSH Bypass Threatens Linux Systems

April 8, 2024
Critical Backdoor in XZ-Utils Exposed: SSH Bypass Threatens Linux Systems
  • A critical supply chain backdoor vulnerability, CVE-2024-3094, has been detected by NSFOCUS CERT in XZ-Utils, scoring the maximum 10 on the CVSS scale.

  • The vulnerability enables attackers to circumvent SSH authentication, allowing unauthorized access and the ability to execute system commands.

  • The compromised component is liblzma in XZ-Utils versions 5.6.0 to 5.6.1, introduced by a trusted developer, affecting multiple Linux distributions.

  • NSFOCUS advises users to downgrade to a secure version or switch to alternative components to mitigate the risk.

  • Users should implement a supply chain management system and enhance security monitoring to prevent similar incidents.

  • NSFOCUS issues a disclaimer of liability for any consequences or losses related to the use of their advisory, while also offering cybersecurity solutions for protection against sophisticated cyber threats.

Summary based on 1 source


Get a daily email with more Tech stories

Related Stories