Are Linux Systems Compromised? Backdoor Vulnerability
Vložit
- čas přidán 5. 09. 2024
- CVE-2024-3094 - The XZ Utils Backdoor, a critical SSH vulnerability in Linux
XZ Utils, formerly LZMA Utils, is a set of open-source command-line tools and libraries for lossless data compression, the most noteworthy tool being "XZ." The toolset comes installed by default on most modern Linux distributions
On March 29, 2024, Andres Freund, a Microsoft software engineer, alerted the open-source community about a SSH backdoor in XZ versions 5.6.0 and 5.6.1.
The SSH backdoor would allow remote unauthenticated attackers to achieve remote code execution on the infected systems bypassing the authentication in place. It was assigned CVE-2024-3094 with the maximum CVSS score - 10.
Credit to : pentest-tools....
=======================================
Follow me @:
/ thetips4you
/ thetips4you
/ thetipsforyou
www.thetips4yo...
=======================================
The vulnerability hs been patched already with releases and updates of kernels and libraries...unlike Windows?...you don't have to wait 6 months for fixes...and unlike MacOs...you're not lied to and told "Its inor And Won't Harm You"
Thanks for sharing your opinion and experience :)
Thanks for sharing. Yes you are right the vulnerability has been patched.
@Thetips4you What always blows my mind?...is the "mental network" that exists around the WORLD of like-minded individuals who all come together to make the Linux kernel as robust and resilient as it is. Yall ever notice?...a large portion of the "vulnerabilities" that exist for Linux...almost always require the "bad actor" to be physically present where the Linix machine is!?...because it's almost a non-entity that someone will get into a Linix machine remotely...chalk it up to the kernel being a "moving target".
By the time you get through the kernels defenses to infect version 5.12.23?....the patch for 5.13.6 is already on a repo server list..waiting to be downloaded and installed..