
XZ Utils Vulnerability: CVE-2024-3094

On March 28th, Red Hat released an advisory for CVE-2024-3094, a critical vulnerability identified in XZ Utils, a widely used data compression package included in many Linux distributions. The vulnerability stems from a backdoor inserted into versions 5.6.0 and 5.6.1 of XZ Utils and has been assigned a CVSS score of 10 out of 10, the highest severity rating. The malicious code in these versions interferes with the authentication process, potentially allowing unauthorized remote access to the system. The compromised versions were distributed in testing and some stable releases of various Linux distributions, including Fedora Linux 40 beta, Fedora Rawhide, openSUSE Tumbleweed, openSUSE MicroOS and Debian’s testing, unstable and experimental branches. Kali Linux users who updated their installation between March 26th and March 29th are also affected, as are some Arch Linux virtual machine and container images and an installation medium that contained the affected XZ versions.

Immediate recommendations include downgrading XZ Utils to a non-compromised version, specifically version 5.4.6, which is believed to be unaffected. Users and administrators should also monitor for and apply updates from their respective Linux distribution providers to ensure they are not exposed to this backdoor. Additionally, it is recommended to check affected machines for sensitive information or keys and to rotate any credentials found on, or associated with, those machines.

To determine if a host is running a vulnerable version of XZ, a user can run the following command:

strings `which xz` | grep '5\.6\.[01]'

Any result including 5.6.0 or 5.6.1 indicates that the host may be vulnerable, and an update of the library should be prioritized.  
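The one-line strings check above can match a version string that happens to appear anywhere in the binary, so it only says a host "may" be vulnerable. The following POSIX sh script is an added example, not part of Centripetal's advisory: it first asks the xz binary for its version and classifies the result, and only falls back to the strings search when --version gives no usable answer. It assumes xz prints "xz (XZ Utils) X.Y.Z" as the first line of its --version output.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an XZ Utils version and
# check the xz binary on a host for the backdoored 5.6.0 / 5.6.1 releases.

# Return 0 when the version is one of the backdoored releases, 1 otherwise.
xz_version_is_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Extract the bare version from an "xz --version" first line,
# e.g. "xz (XZ Utils) 5.6.1" -> "5.6.1"; prints nothing if the line does not match.
parse_xz_version_line() {
    printf '%s\n' "$1" | sed -n 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# Inspect the xz binary given as $1 (default: the xz on PATH). Prints a verdict;
# returns 0 when the host looks affected, 1 when not, 2 when no xz was found.
check_xz_binary() {
    bin="${1:-$(command -v xz 2>/dev/null)}"
    [ -n "$bin" ] && [ -x "$bin" ] || { echo "xz not found"; return 2; }
    ver=$(parse_xz_version_line "$("$bin" --version 2>/dev/null | head -n 1)")
    if [ -z "$ver" ]; then
        # --version unusable: fall back to the advisory's strings check,
        # which can only say "may be affected".
        if strings "$bin" 2>/dev/null | grep -q '5\.6\.[01]'; then
            echo "$bin: contains a 5.6.0/5.6.1 version string; treat as affected"
            return 0
        fi
        echo "$bin: could not determine XZ Utils version"
        return 1
    fi
    if xz_version_is_affected "$ver"; then
        echo "$bin: XZ Utils $ver is a backdoored release (CVE-2024-3094)"
        return 0
    fi
    echo "$bin: XZ Utils $ver is not one of the backdoored releases"
    return 1
}
```

Call check_xz_binary on each host; an exit status of 0 means the installed xz is one of the backdoored releases and should be downgraded or updated immediately.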

The discovery of CVE-2024-3094 highlights the importance of vigilant software supply chain security and the need for rapid response and mitigation to protect against unauthorized access and system compromise. CleanINTERNET® uses threat intelligence proactively to protect against reconnaissance. Without such protection, attackers can rapidly index and launch attacks on known vulnerable targets.

If you are currently running an affected version of XZ Utils please contact support@centripetal.ai.   

Centripetal is pleased to offer Penetration Testing and Vulnerability Assessment services to help organizations identify vulnerabilities and reduce risk. If interested, please contact our Professional Services team at profservs@centripetal.ai or reach out to your Centripetal Account Representative.  
