all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How does xz's backdoor rewrite the entry of RSA_public_decrypt@....plt ?

Add to bookmarks
March 30, 2024, 11:22 a.m. | /u/tamaroning

cybersecurity www.reddit.com

I read some articles about the attack.

[https://openwall.com/lists/oss-security/2024/03/29/4](https://openwall.com/lists/oss-security/2024/03/29/4)

[https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27](https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27)

The first article refers to hack glibc IFUNC resolver and hooks to the dynamic linker (ld-linux.so?).

As a result, importantly, calls to RSA\_public\_decrypt redirects to malicious code.

But I dont understand how attackers register hooks into the dynamic linker. I heard that the malicious function analyzes the symbol table.

Someone can explain it?

article articles attack attackers backdoor code cybersecurity dynamic entry glibc hack linux malicious redirects register resolver result rsa understand

Visit resource

More from www.reddit.com / cybersecurity

Hackers of all kinds are attacking routers across the world | TechRadar 2 hours ago | www.reddit.com
cybersecurity hackers routers world
🤣 Ivanti is hiring an Offensive Security Engineer 3 hours ago | www.reddit.com
assessment cybersecurity old team +3
Migrating to Australia as a cybersecurity consultant 6 hours ago | www.reddit.com
australia clients consultant cybersecurity +11
Why is an entry level job so hard to get? 7 hours ago | www.reddit.com
automatic cybersecurity don down +7
REvil hacker behind Kaseya ransomware attack gets 13 years in prison 9 hours ago | www.reddit.com
cybersecurity
Veza releases the "State of Access" report based on 1.2B permissions 10 hours ago | www.reddit.com
access cybersecurity permissions releases +3
From S3 bucket to internal network operation 11 hours ago | www.reddit.com
cybersecurity internal internal network network +1
Investigating Microsoft Graph Activity Logs 11 hours ago | www.reddit.com
cybersecurity graph logs microsoft
Too much? 12 hours ago | www.reddit.com
clients control cybersecurity deploy +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Information Security Specialist, Sr. (Container Hardening)

@ Rackner | San Antonio, TX
View on infosec-jobs.com

Principal Security Researcher (Advanced Threat Prevention)

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

EWT Infosec | IAM Technical Security Consultant - Manager

@ KPMG India | Bengaluru, Karnataka, India
View on infosec-jobs.com

Security Engineering Operations Manager

@ Gusto | San Francisco, CA; Denver, CO; Remote
View on infosec-jobs.com

Network Threat Detection Engineer

@ Meta | Denver, CO | Reston, VA | Menlo Park, CA | Washington, DC
View on infosec-jobs.com
View more jobs