all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How does xz's backdoor rewrite the entry of RSA_public_decrypt@....plt ?

Add to bookmarks
March 30, 2024, 11:22 a.m. | /u/tamaroning

cybersecurity www.reddit.com

I read some articles about the attack.

[https://openwall.com/lists/oss-security/2024/03/29/4](https://openwall.com/lists/oss-security/2024/03/29/4)

[https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27](https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27)

The first article refers to hack glibc IFUNC resolver and hooks to the dynamic linker (ld-linux.so?).

As a result, importantly, calls to RSA\_public\_decrypt redirects to malicious code.

But I dont understand how attackers register hooks into the dynamic linker. I heard that the malicious function analyzes the symbol table.

Someone can explain it?

article articles attack attackers backdoor code cybersecurity dynamic entry glibc hack linux malicious redirects register resolver result rsa understand

Visit resource

More from www.reddit.com / cybersecurity

Around 1000 exploitable cybersecurity vulnerabilities that MITRE & NIST ‘might’ have missed but China or … 3 hours ago | www.reddit.com
china cybersecurity cybersecurity vulnerabilities mitre +3
Does anyone perform model-assisted threat hunting? 6 hours ago | www.reddit.com
advanced analysis capabilities coworkers +12
SEC Adds New Incident Response Rules for Financial Sector 13 hours ago | www.reddit.com
cybersecurity financial financial sector incident +5
Do you automate? 15 hours ago | www.reddit.com
automate automation bash can +15
Is the Microsoft Security Operations Analyst Associate SC-200 Certification Worth Pursuing? 16 hours ago | www.reddit.com
analyst certification certs cybersecurity +12
Picking your sources of IoC 1 day, 7 hours ago | www.reddit.com
can cybersecurity go to investigation +7
Are password requirements useless? 1 day, 7 hours ago | www.reddit.com
bitwarden brute can cybersecurity +13
Upcoming conferences for 2024? 1 day, 8 hours ago | www.reddit.com
conference conferences cybersecurity employer +11
How does a processor execute encrypted binaries. 1 day, 9 hours ago | www.reddit.com
bitcoin bypass cybersecurity defender +15

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Sr. Staff Firmware Engineer – Networking & Firewall

@ Axiado | Bengaluru, India
View on infosec-jobs.com

Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)

@ SAP | Walldorf, DE, 69190
View on infosec-jobs.com

SAP Security Administrator

@ FARO Technologies | EMEA-Portugal
View on infosec-jobs.com