SSH XZ-Utils Backdoor (CVE-2024-3094)

Rule ID

1234795

Severity

Critical

Description

It has been reported that versions 5.6.0 and 5.6.1 of XZ Utils, a command-line tool for compressing and decompressing .xz files, have been compromised (CVE-2024-3094). This issue affects any software connected to the XZ library, allowing for the interception and modification of data used with the library. The backdoor is in the package's liblzma library, which is also used by sshd to listen for SSH connections. According to the reports, the malware (aka xzbot) executes a shell command on an infected system by passing it directly to system() over SSH under specific conditions.

Impact

Policy bypass

Recommendation

Apply the vendor's patch.

IPS Category

DoS attacks

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2024-3094

T1573

T1071

Keywords

N/A

Date Created

2024/04/19

Last Updated

2026/01/16
