Malicious Code Discovered in xz Upstream Tarballs, Affecting liblzma and Other Dependent Packages

CVE-2024-3094

10 CRITICAL

Key Information

Vendor: Red Hat
Status: Xz, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8
CVE Published: 29 March 2024

Badges

🔥 No. 1 Trending · 😄 Trended · 👾 Exploit Exists · 🔴 Public PoC · 🟡 EPSS 63% · 📰 News Worthy

What is CVE-2024-3094?

CVE-2024-3094 is a critical vulnerability in the xz utility, introduced through its upstream tarballs starting with version 5.6.0. xz is widely used for data compression in software packages and libraries. The affected tarballs contain malicious code that modifies the liblzma library, which handles compression and decompression for dependent software. Organizations running software that links against liblzma may have their data integrity compromised: the malicious code allows data interception and unauthorized modification, severely threatening the confidentiality and accuracy of critical data operations.

Technical Details

The vulnerability originates from a sophisticated supply chain attack in which obfuscated malicious code was embedded in the upstream xz tarballs. When liblzma is built, the build process extracts a disguised, prebuilt object file from a specially crafted test file shipped in the source tree. This compromised object file alters essential functions within liblzma, enabling attackers to intercept and manipulate the data processed by any software that depends on the library. The obfuscation makes detection difficult and allowed the backdoor to remain concealed.
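The first question a defender asks after reading the paragraph above is whether a host carries one of the affected upstream releases. The following POSIX shell snippet is an added example, not code from the advisory page or from the xz project: it parses the version token from a line such as the first line of `xz --version` and classifies it. It assumes, as a well-known fact beyond the page's "starting from 5.6.0" wording, that the two upstream releases whose tarballs carried the malicious code are 5.6.0 and 5.6.1; the sample version lines at the bottom are constructed for an offline run, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the advisory page or the xz project).
# Classifies an xz/liblzma version line against the backdoored upstream
# releases, 5.6.0 and 5.6.1 (assumption stated in the lead-in).
#
# Live use:  xz_classify "$(xz --version | head -n1)"

# Print the first X.Y.Z token found in the argument, e.g. "5.6.1" from
# "xz (XZ Utils) 5.6.1". Returns 1 if no such token exists.
xz_extract_version() {
    for word in $1; do
        case $word in
            [0-9]*.[0-9]*.[0-9]*) printf '%s\n' "$word"; return 0 ;;
        esac
    done
    return 1
}

# Exit status: 0 = affected release, 1 = not an affected release,
# 2 = no version could be parsed from the input.
xz_version_affected() {
    ver=$(xz_extract_version "$1") || return 2
    case $ver in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Human-readable label for the three outcomes above.
xz_classify() {
    if xz_version_affected "$1"; then rc=0; else rc=$?; fi
    case $rc in
        0) echo AFFECTED ;;
        1) echo OK ;;
        *) echo UNKNOWN ;;
    esac
}

# Constructed sample version lines (not real host output) for an offline run.
for line in "xz (XZ Utils) 5.6.1" "liblzma 5.6.0" "xz (XZ Utils) 5.4.6" "xz version unknown"; do
    printf '%-24s -> %s\n' "$line" "$(xz_classify "$line")"
done
```

A version string is only a first screen: a distribution may ship a patched or downgraded package under a different version label, so the distribution advisories listed under References remain the authoritative source for which package builds are clean.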

Impact of the Vulnerability

  1. Data Integrity Breach: The manipulation of the liblzma library can lead to unauthorized alteration of compressed data, posing a significant risk to the integrity of crucial information handled by affected systems.

  2. Widespread Consequences for Dependent Software: Since liblzma is a common dependency in numerous applications and libraries, the impact of this vulnerability can cascade, potentially affecting a wide range of software ecosystems.

  3. Increased Attack Surface: By enabling data interception capabilities, this vulnerability may allow attackers to exploit further weaknesses, potentially leading to additional security breaches or the injection of additional malicious payloads into other processes or systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.

News Articles

Leveraging Wazuh for Zero Trust security

Learn how Zero Trust security protects organizations by eliminating implicit trust, enabling continuous monitoring, and enhancing incident response

2 months ago

Online xz utility backdoor scanning tool issued

Binarly has issued a free online tool that would facilitate scanning a newly discovered backdoor and maximum severity vulnerability in xz tools and libraries used by major Linux distributions, tracked as CVE-2024-3094, across Linux binaries amid significant security risks, according to Security Affa...

5 months ago

Cve – InfoSec Write-ups

Read writing about Cve in InfoSec Write-ups. A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly...

5 months ago

References

https://access.redhat.com/security/cve/CVE-2024-3094 (vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2272210 (issue-tracking, x_refsource_REDHAT)
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://www.redhat.com/en/blog/urgent-security-alert-fedo...
https://news.ycombinator.com/item?id=39865810
https://arstechnica.com/security/2024/03/backdoor-found-i...
https://www.theregister.com/2024/03/29/malicious_backdoor...
https://www.cisa.gov/news-events/alerts/2024/03/29/report...
https://www.darkreading.com/vulnerabilities-threats/are-y...
https://aws.amazon.com/security/security-bulletins/AWS-20...
https://www.tenable.com/blog/frequently-asked-questions-c...
https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-...
https://bugzilla.suse.com/show_bug.cgi?id=1222124
https://security.archlinux.org/CVE-2024-3094
https://security.alpinelinux.org/vuln/CVE-2024-3094
https://security-tracker.debian.org/tracker/CVE-2024-3094
https://lists.freebsd.org/archives/freebsd-security/2024-...
https://news.ycombinator.com/item?id=39877267
https://gynvael.coldwind.pl/?lang=en&id=782
https://ubuntu.com/security/CVE-2024-3094
https://github.com/advisories/GHSA-rxwq-x6h5-x525
https://bugs.gentoo.org/928134
https://lists.debian.org/debian-security-announce/2024/ms...
https://twitter.com/debian/status/1774219194638409898
https://twitter.com/infosecb/status/1774597228864139400
https://twitter.com/infosecb/status/1774595540233167206
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee...
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024
https://github.com/karcherm/xz-malware
https://discourse.nixos.org/t/cve-2024-3094-malicious-cod...
https://xeiaso.net/notes/2024/xz-vuln/
https://lwn.net/Articles/967180/
https://boehs.org/node/everything-i-know-about-the-xz-bac...
https://tukaani.org/xz-backdoor/
https://twitter.com/LetsDefendIO/status/1774804387417751958
https://www.vicarius.io/vsociety/vulnerabilities/cve-2024...
https://news.ycombinator.com/item?id=39895344
https://github.com/amlweems/xzbot
https://security.netapp.com/advisory/ntap-20240402-0001/
https://www.kali.org/blog/about-the-xz-backdoor/
https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is...
https://research.swtch.com/xz-timeline
https://research.swtch.com/xz-script
https://blog.netbsd.org/tnf/entry/statement_on_backdoor_i...

EPSS Score

63% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 🔴 Public PoC available

  • 👾 Exploit known to exist

  • 🔥 Vulnerability reached the number 1 worldwide trending spot

  • Vulnerability started trending

  • Vulnerability Reserved

  • First article discovered by Beeping Computers

  • Vulnerability published

Collectors

NVD Database · Mitre Database · 4 Proof of Concept(s) · 21 News Article(s)

Credit

Red Hat would like to thank Andres Freund for reporting this issue.