
Backdoor found in widely used Linux utility breaks encrypted SSH connections

Rui Carlos



The compression utility, known as xz Utils, introduced the malicious code in versions 5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it. There are no confirmed reports of those versions being incorporated into any production releases for major Linux distributions, but both Red Hat and Debian reported that recently published beta releases used at least one of the backdoored versions—specifically, in Fedora 40 and Fedora Rawhide and Debian testing, unstable and experimental distributions.

Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux, “it's not really affecting anyone in the real world,” Will Dormann, a senior vulnerability analyst at security firm ANALYGENCE, said in an online interview. “BUT that's only because it was discovered early due to bad actor sloppiness. Had it not been discovered, it would have been catastrophic to the world.”

Several people, including two Ars readers, reported that the multiple apps included in the HomeBrew package manager for macOS rely on the backdoored 5.6.1 version of xz Utils. Those apps, one user said, include: aom, cairo, ffmpeg, gcc, glib, harfbuzz, jpeg-xl, leptonica, libarchive, libtiff, little-cms2, numpy, openblas, openjpeg, openvino, pango, python@3.11, python@3.12, tesseract, webp, yt-dlp, zstd. The other user said HomeBrew has now rolled back the utility to version 5.4.6.


Source: https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/


A good occasion to reference the XKCD: https://xkcd.com/2347/



This appears to have been a far more elaborate attack than other recent supply chain attacks, orchestrated over more than two years. Some articles with more context:

And while we're at it, the original message describing the backdoor: https://www.openwall.com/lists/oss-security/2024/03/29/4

Yet another example of the vulnerabilities we face with increasingly complex systems that carry ever more dependencies.



Some more detailed analyses of the backdoor indicate that it is a remote code execution vulnerability, not an authentication one.


