About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
Executive Summary
On March 28, 2024, Red Hat released a security advisory in response to a supply chain compromise in which malicious code was identified in the upstream tarballs of the xz utils libraries. The malicious code could allow an adversary to establish a backdoor into a target environment by compromising the SSH server. Major Linux distributions have advised their customers either to downgrade XZ Utils to an uncompromised version or to upgrade to the latest software releases.
VULNERABILITIES
XZ Util Data Compression Library Embedded Malicious Code (Backdoor) Vulnerability
Identifier: CVE-2024-3094 – CVSS Score 10 (CRITICAL)
Exploit or POC: No instance of active exploitation detected.
Update: Arch Linux, Debian, Kali Linux, OpenSUSE, Red Hat Enterprise Linux (RHEL), Ubuntu
Description: CVE-2024-3094 could allow for SSH server compromise. Versions 5.6.0 and 5.6.1 of the XZ Utils data compression software included in Linux distributions contain malicious code that allows unauthorized access to a compromised system. The malicious code is contained within the upstream tarballs of the xz utility. Successful exploitation could allow an adversary to modify or intercept data from resources that also leverage the xz library.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest associated software versions disclosed above.
RedLegg Action: None at this time.
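The check below is an added example for identifying hosts running the backdoored xz/liblzma releases named above; it is not part of the RedLegg bulletin. It parses the output of `xz --version` (sample output is constructed inline) and, on a live host, also reports whether the local sshd binary links against liblzma, which is the path by which the backdoor reaches the SSH server.

```shell
#!/bin/sh
# Added example: flag the xz / liblzma versions named in CVE-2024-3094.

# Return 0 (true) when a version string is one of the backdoored releases.
xz_is_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# From captured `xz --version` text, print "xz <ver>" and "liblzma <ver>".
# Both lines are present in real output; missing lines are simply skipped.
xz_versions_from_output() {
    printf '%s\n' "$1" | sed -n \
        -e 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/xz \1/p' \
        -e 's/^liblzma \([0-9][0-9.]*\).*/liblzma \1/p'
}

# Print each affected component; return 0 if any component is affected.
affected_components() {
    hit=1
    for pair in $(xz_versions_from_output "$1" | tr ' ' ':'); do
        name=${pair%%:*}
        ver=${pair#*:}
        if xz_is_affected "$ver"; then
            echo "$name $ver AFFECTED (CVE-2024-3094)"
            hit=0
        fi
    done
    return $hit
}

# Live-host check: inspect the installed xz and whether sshd loads liblzma.
check_local_host() {
    command -v xz >/dev/null 2>&1 || { echo "xz not installed"; return 1; }
    affected_components "$(xz --version 2>/dev/null)" || echo "xz: not an affected version"
    sshd_bin=$(command -v sshd 2>/dev/null)
    if [ -n "$sshd_bin" ] && ldd "$sshd_bin" 2>/dev/null | grep -q liblzma; then
        echo "sshd links liblzma: $(ldd "$sshd_bin" | grep liblzma)"
    fi
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_AFFECTED='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_CLEAN='xz (XZ Utils) 5.4.6
liblzma 5.4.6'

affected_components "$SAMPLE_AFFECTED" || echo "sample (affected): none flagged"
affected_components "$SAMPLE_CLEAN"    || echo "sample (clean): none flagged"
```

Run `check_local_host` on a host to apply the same logic to the installed packages; a flagged version should be downgraded or upgraded per the distribution guidance above.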