Some good sleuthing and interesting chaining here: CVE-2024-3094: backdoor in ...

2024-03-29 16:57:42

Some good sleuthing and interesting chaining here:

CVE-2024-3094: backdoor in upstream xz/liblzma leading to ssh server compromise

inserted m4 code -> configure script -> injected code into xz -> sshd when compiled with liblzma (e.g., used by systemd, what else)

https://www.openwall.com/lists/oss-security/2024/03/29/4

Author Public Key

npub1kvy8enal7npw9ct28tc53d4r5fl7q7a3ua3gku22z8jlyec37f3snmedh2

Show more details

Jan Schaumann on Nostr: Some good sleuthing and interesting chaining here: CVE-2024-3094: backdoor in ...