CVE-2024-3094
Description
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.
Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
Severity: CRITICAL
CVE ID: CVE-2024-3094
CVSS Score: 10.0
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Proof Of Concept
byinarie
Information for CVE-2024-3094
Reference: GitHub
FabioBaroni
Quick and dirty PoC for checking whether a vulnerable version of xz-utils is installed (CVE-2024-3094)
Reference: GitHub
lypd0
Verify that your XZ Utils version is not vulnerable to CVE-2024-3094
Reference: GitHub
OpensourceICTSolutions
Reference: GitHub
bioless
Script to detect CVE-2024-3094.
Reference: GitHub
Hacker-Hermanos
This repository contains a Bash script and a one-liner command to verify if a system is running a vulnerable version of the "xz" utility, as specified by CVE-2024-3094.
Reference: GitHub
Fractal-Tess
Reference: GitHub
wgetnz
Reference: GitHub
emirkmo
History of commits related to the xz backdoor Discovered On March 29, 2024: CVE-2024-3094.
Reference: GitHub
ashwani95
Reference: GitHub
harekrishnarai
Checker for CVE-2024-3094 where malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code.
Reference: GitHub
teyhouse
K8S and Docker Vulnerability Check for CVE-2024-3094
Reference: GitHub
alokemajumder
Shell scripts to identify and fix installations of xz-utils affected by the CVE-2024-3094 vulnerability. Versions 5.6.0 and 5.6.1 of xz-utils are known to be vulnerable, and this script aids in detecting them and optionally downgrading to a stable, un-compromised version (5.4.6) or upgrading to latest version. Added Ansible Playbook
Reference: GitHub
Horizon-Software-Development
Reference: GitHub
hazemkya
Reference: GitHub
lockness-Ko
An ssh honeypot with the XZ backdoor. CVE-2024-3094
Reference: GitHub
brinhosa
Reference: GitHub
isuruwa
CVE-2024-3094
Reference: GitHub
k4t3pr0
Reference: GitHub
Yuma-Tsushima07
A script to detect if xz is vulnerable - CVE-2024-3094
Reference: GitHub
jfrog
Reference: GitHub
krascovict
Reference: GitHub
Simplifi-ED
Ansible playbook for patching CVE-2024-3094
Reference: GitHub
gayatriracha
Reference: GitHub
Mustafa1986
Reference: GitHub
MrBUGLF
XZ-Utils library malicious backdoor implantation vulnerability (CVE-2024-3094)
Reference: GitHub
galacticquest
Reference: GitHub
zgimszhd61
Reference: GitHub
mightysai1997
Reference: GitHub
mightysai1997
Reference: GitHub
mesutgungor
CVE-2024-3094
Reference: GitHub
reuteras
Obsidian notes about CVE-2024-3094
Reference: GitHub
amlweems
notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
Reference: GitHub
gustavorobertux
Checker - CVE-2024-3094
Reference: GitHub
ackemed
Reference: GitHub
0xlane
XZ Backdoor Extract (Test on Ubuntu 23.10)
Reference: GitHub
dah4k
Reference: GitHub
hackingetico21
Bash script to check whether you have the CVE-2024-3094 vulnerability.
Reference: GitHub
devjanger
CVE-2024-3094 XZ Backdoor Detector
Reference: GitHub
ScrimForever
Detect CVE-2024-3094
Reference: GitHub
pentestfunctions
CVE-2024-3094 - Checker (fix for arch etc)
Reference: GitHub
r0binak
Dockerfile and Kubernetes manifests for reproducing CVE-2024-3094
Reference: GitHub
przemoc
apocalypxze: xz backdoor (2024) AKA CVE-2024-3094 related links
Reference: GitHub
CyberGuard-Foundation
Our current information about the CVE-2024-3094 backdoor.
Reference: GitHub
Security-Phoenix-demo
Collection of Detection, Fix, and exploit for CVE-2024-3094
Reference: GitHub
MagpieRYL
This is a container environment running CVE-2024-3094 sshd backdoor instance, working with https://github.com/amlweems/xzbot project. IT IS NOT Docker, just implemented by chroot.
Reference: GitHub
Bella-Bc
Verify if your installed version of xz-utils is vulnerable to CVE-2024-3094 backdoor
Reference: GitHub
TheTorjanCaptain
The repository consists of a checker file that confirms if your xz version and xz-utils package is vulnerable to CVE-2024-3094.
Reference: GitHub
iheb2b
The CVE-2024-3094 Checker is a Bash tool for identifying if Linux systems are at risk from the CVE-2024-3094 flaw in XZ/LZMA utilities. It checks XZ versions, SSHD's LZMA linkage, and scans for specific byte patterns, delivering results in a concise table format.
Reference: GitHub
felipecosta09
A tutorial on how to detect the CVE 2024-3094
Reference: GitHub
weltregie
Scans liblzma from xz-utils for backdoor (CVE-2024-3094)
Reference: GitHub
crfearnworks
Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor)
Reference: GitHub
robertdebock
A small repo with a single playbook.
Reference: GitHub
badsectorlabs
An Ansible Role that installs the xz backdoor (CVE-2024-3094) on a Debian host and optionally installs the xzbot tool.
Reference: GitHub
Juul
Scan for files containing the signature from the xz backdoor (CVE-2024-3094)
Reference: GitHub
fevar54
The following YARA rule helps detect the presence of the backdoor in the compromised liblzma library on systems that use versions 5.6.0 and 5.6.1 of the XZ compression tool.
Reference: GitHub
neuralinhibitor
XZ Utils CVE-2024-3094 POC for Kubernetes
Reference: GitHub
Content on GitHub
robertdebock | watchers:5
ansible-role-cve_2024_3094
Check xz vulnerability (cve_2024_3094) on your system.
Reference: GitHub
bsekercioglu | watchers:0
cve2024-3094-Checker
Reference: GitHub