XZ Utils, formerly LZMA Utils, is a set of open-source command-line tools and libraries for lossless data compression, the most noteworthy tool being "XZ." The toolset comes installed by default on most modern Linux distributions. On March 29, 2024, Andres Freund, a Microsoft software engineer, alerted the open-source community about an SSH backdoor in XZ versions 5.6.0 and 5.6.1. The SSH backdoor would allow remote unauthenticated attackers to achieve remote code execution on the infected systems, bypassing the authentication in place. It was assigned CVE-2024-3094 with the maximum CVSS score of 10.
https://pentest-tools.com/blog/xz-utils ... -2024-3094
CVE-2024-3094 - The XZ Utils Backdoor, a critical SSH vulnerability in Linux
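
A version triage for the two releases named in the post above, as an added example that is not part of the original post or the linked article. The function names are hypothetical, the sample strings in the comments are constructed, and the handling of `+really` rollback package versions is an assumption about distribution packaging.

```shell
#!/bin/sh
# Triage XZ Utils version strings against the releases named for
# CVE-2024-3094 (5.6.0 and 5.6.1). Matching is by version string only.

# classify_xz_version VERSION -> prints affected | not-affected | unknown
classify_xz_version() {
    v=$1
    # Assumption: a rollback package such as the constructed sample
    # "5.6.1+really5.4.5-1" ships the code named after "+really".
    case $v in *+really*) v=${v#*+really} ;; esac
    # Drop a package epoch such as "1:".
    case $v in *:*) v=${v#*:} ;; esac
    # Keep only the leading upstream x.y.z, discarding package revisions.
    core=$(printf '%s\n' "$v" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    case $core in
        5.6.0|5.6.1) echo affected ;;
        '')          echo unknown ;;
        *)           echo not-affected ;;
    esac
}

# scan_xz_version_output: reads `xz --version` style text on stdin, e.g.
#   xz (XZ Utils) 5.6.1
#   liblzma 5.6.1
# and prints "affected" if any line carries an affected version.
scan_xz_version_output() {
    result=unknown
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        # The version is the last space-separated field on each line.
        status=$(classify_xz_version "${line##* }")
        case $status in
            affected)     result=affected ;;
            not-affected) [ "$result" = affected ] || result=not-affected ;;
        esac
    done
    echo "$result"
}

# Check the local binary when one is installed.
if command -v xz >/dev/null 2>&1; then
    echo "local xz: $(xz --version | scan_xz_version_output)"
fi
```

A result of `not-affected` only means the reported version string is not 5.6.0 or 5.6.1; confirm against your distribution's advisory for the package actually installed.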