Open source alert over intentionally placed backdoor

Users of the open source XZ Utils data compression library may have narrowly avoided falling victim to a major supply chain attack, after evidence of an apparently intentionally placed backdoor in the code was revealed.

The malicious code, embedded in versions 5.6.0 and 5.6.1 of the library, could enable unauthorised remote access to systems running affected Linux distributions, and over the past few days has been the subject of alerts from Linux vendors and the US Cybersecurity and Infrastructure Security Agency (CISA).

Red Hat explained in its advisory that the malicious build interferes with authentication via Secure Shell (SSH). “Under the right circumstances, this interference could potentially enable a malicious actor to break SSH authentication and gain unauthorised access to the entire system remotely,” it said.

The ultimate goal of the backdoor is to let a malicious actor inject code into the OpenSSH server running on the target machine, so that specific remote attackers, rather than anyone who can reach the SSH port, can send arbitrary payloads via SSH that execute prior to authentication and take over the target.

It has been assigned the designation CVE-2024-3094 and was discovered by Andres Freund, a Microsoft developer who was led to the code after noticing SSH logins that were failing while consuming unusually high CPU.

The backdoor itself appears to have been introduced to the project in February, but was found by Freund before it had reached the stable releases of the major distributions – although some Linux distros, including Red Hat Fedora Linux 40 and Fedora Rawhide, may have received the tainted code already.

Other mainstream distros have issued their own advisories on the matter.

Deeply committed effort

The backdoor seems to have been the work of an individual going by the handle JiaT75 who had made extensive contributions to the XZ Utils project over a number of years.

At face value, the evidence suggests a coordinated and deeply committed effort by JiaT75 to pull the wool over everyone’s eyes. However, little is yet known about this person, and it’s important to note the possibility they may not be the guilty party; they may have been compromised themselves.

Saumitra Das, vice-president of technology at Qualys, said the XZ Utils incident had echoes of an infamous earlier supply chain attack, with code silently injected to allow remote unauthenticated access.

“It is unclear what the full attack kill chain would be once the attack played out, but such attacks are generally very hard to detect at an early stage,” he said. “These types of incidents further highlight the need for defence in depth to provide for detections at different stages of the kill chain.”

Das additionally noted that the controls generally touted as a means to bolster the integrity of new code provided insufficient safeguards against the supposed exploit scenario, and that monitoring the network or the endpoint for malicious binaries would not have helped either. Only spotting command and control (C2) traffic or other anomalous activity would have offered any chance of detecting it, he claimed.

“This … highlights the need for understanding our software supply chain better,” said Das. “A software bill of materials (SBOM) is just the first step, telling us about software ingredients. The next step would be to verify the source of those ingredients themselves. The GitHub committer who put this in, how that open source component is maintained and by whom, are all relevant questions we will need to take into account.”

Developers and users are advised to downgrade XZ Utils to an uncompromised version (the 5.4.x series) immediately, and to confirm with `xz --version` that no 5.6.0 or 5.6.1 build remains installed, before undertaking a thorough hunt for any malicious activity.
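The following POSIX shell triage helper is an added example, not code from the article, from Red Hat or CISA, or from the XZ Utils project. It checks two things a responder wants to know on a host before downgrading: whether the installed `xz` reports one of the two backdoored releases, and whether the `sshd` binary links `liblzma` at all, since the backdoor lives in that library and needs to be loaded into the OpenSSH server process to do anything (a fact from the public analyses, not stated on this page). The function names, verdict strings and the sample `xz --version` and `ldd` lines are assumptions of this example; `xz --version`, `command -v` and `ldd` are the standard tools.

```shell
#!/bin/sh
# Added XZ Utils / CVE-2024-3094 triage helper (example code, not from the
# article, the vendors' advisories or the XZ Utils project).

# Return 0 if the given XZ Utils version string is one of the two
# backdoored releases named in the advisories (5.6.0 and 5.6.1).
xz_version_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Extract the version number from `xz --version` output read on stdin,
# e.g. "xz (XZ Utils) 5.6.1" -> "5.6.1". Prints nothing if unparseable.
xz_version_from_output() {
    sed -n 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Classify a host from its `xz --version` output ($1) and the ldd output
# for its sshd binary ($2). Prints a verdict; returns 0 when remediation
# is needed, 1 when the installed release is not a backdoored one, and 2
# when the version could not be determined.
xz_triage() {
    xz_out="$1"
    sshd_ldd="$2"
    ver=$(printf '%s\n' "$xz_out" | xz_version_from_output)
    if [ -z "$ver" ]; then
        echo "unknown: could not parse xz version (is xz installed?)"
        return 2
    fi
    if ! xz_version_affected "$ver"; then
        echo "not affected: xz $ver is not a backdoored release"
        return 1
    fi
    # The version match is decisive; the ldd result only says whether this
    # build of sshd would load the library, so do not treat a clean ldd as
    # an all-clear while 5.6.0 or 5.6.1 remains installed.
    if printf '%s\n' "$sshd_ldd" | grep -q 'liblzma'; then
        echo "affected: xz $ver installed and sshd links liblzma; downgrade now"
    else
        echo "affected: xz $ver installed (this sshd does not link liblzma); downgrade now"
    fi
    return 0
}

# Gather the two inputs from the local host and classify it.
xz_triage_local() {
    xz_out=$(xz --version 2>/dev/null || true)
    sshd_bin=$(command -v sshd 2>/dev/null || true)
    sshd_ldd=""
    if [ -n "$sshd_bin" ]; then
        sshd_ldd=$(ldd "$sshd_bin" 2>/dev/null || true)
    fi
    xz_triage "$xz_out" "$sshd_ldd"
}

# Run against this host when executed directly.
xz_triage_local || true
```

Run it as root on each host (`ldd` needs to read the sshd binary, which may be under `/usr/sbin` and not on a normal user's PATH), and treat an "affected" verdict as the trigger for the downgrade and the subsequent hunt; the script does not examine the library's contents, so it cannot tell a backdoored 5.6.x build from a rebuilt one and should be read as a version inventory rather than a malware scan.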