all InfoSec news
A Vulnerability in XZ Utils Could Allow for Remote Code Execution
Center for Internet Security - Multi-State Information Sharing and Analysis Center www.cisecurity.org
A vulnerability has been discovered in XZ Utils that could allow for remote code execution. XZ is a general-purpose data compression format present in nearly every Linux distribution, both community projects and commercial product distributions. Successful exploitation of this vulnerability could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user …
code code execution commercial community compression context data data compression distribution distributions exploitation general linux product projects purpose remote code remote code execution vulnerability