REDLEGG BLOG
Emergency Security Bulletin | RedLegg | 96Bravo

Emergency Security Bulletin - XZ Util Data Compression Library Embedded Malicious Code (Backdoor) Vulnerability

4/1/24 4:21 PM  |  by RedLegg's Cyber Threat Intelligence Team

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.

Executive Summary

On March 28, 2024, Red Hat Linux released a security advisory in response to a supply chain compromise, in which malicious code was identified in the upstream tarballs of the xz utils libraries. The discovered malicious code could allow an adversary to establish a backdoor into a target environment via SSH server compromise. Major Linux distribution entities have advised their customers to either downgrade the XZ utils software to an uncompromised version or upgrade to the latest software releases.


VULNERABILITIES

XZ Util Data Compression Library Embedded Malicious Code (Backdoor) Vulnerability


Identifier:
CVE-2024-3094 CVSS Score 10 (CRITICAL)
Exploit or POC: No instance of active exploitation detected.
Update: Arch Linux, Debian, Kali Linux, OpenSUSE, Red Hat Enterprise Linux (RHEL), Ubuntu
Description: CVE-2024-3094 could allow for SSH server compromise. Version 5.6.0 and 5.6.1 of the XZ Util data compression software included in Linux distributions contains malicious code that further allow unauthorized access on compromised system. This vulnerability is contained within the upstream tarballs of xz utility. Successful exploitation could allow an adversary to modify or intercept data from resources that also leverage the xz library.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest associated software versions disclosed above.
RedLegg Action: None at this time.

Get Blog Updates

Related Articles

Emergency Security Bulletin - PAN-OS GLOBALPROTECT GATEWAY VULNERABILITY Bulletin, Vulnerability Bulletins

Emergency Security Bulletin - PAN-OS GLOBALPROTECT GATEWAY VULNERABILITY

About: RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide ...
Patch Tuesday - April 2024 Bulletin, Vulnerability Bulletins

Patch Tuesday - April 2024

*Important note: These are not the only vulnerabilities that were recently released; however, these are the ...
Critical Security Vulnerabilities Bulletin