all InfoSec news
CVE-2024-3094: Detecting the SSHD backdoor in XZ Utils
Malware Analysis, News and Indicators - Latest topics malware.news
On March 29th, 2024, a backdoor in a popular package called XZ Utils was announced on the Openwall mailing list. This utility includes a library called liblzma which is used by SSHD, a critical part of the Internet infrastructure used for remote access. When loaded, the CVE-2024-3094 affects the authentication of SSHD potentially allowing intruders access regardless of the method.
Affected versions: 5.6.0, 5.6.1
Affected Distributions: Fedora 41, Fedora Rawhide
*At the time of this writing
Background
A malicious …
access authentication backdoor called critical cve cve-2024 infrastructure internet internet infrastructure library list march package popular remote access utility