Malicious Backdoor Identified in Linux Compression Library

Background

A backdoor has been discovered in the open-source compression library XZ Utils, versions 5.6.0 and 5.6.1, for Linux operating systems. This vulnerability, tracked as CVE-2024-3094 and rated 10 in CVSS severity, is a supply chain attack that compromises the integrity of Secure Shell (SSH) and allows attackers holding a predefined encrypted private key to execute commands on the victim’s machine with administrator permissions.

Impact

Exploitation of the backdoor enables a malicious actor to break SSH authentication and gain unauthorised access to the entire system remotely.

Mitigation Measure

  • Administrators and developers are advised to upgrade their XZ Utils installation to the latest stable version. Alternatively, users may downgrade to an uncompromised version such as XZ Utils 5.4.6.
  • Ensure that infrastructure firmware, operating systems, and user applications are kept up to date with patches.
  • Use multi-factor authentication wherever possible as part of access control mechanisms.
  • Limit the use of administrator privileges.
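The version check behind the first measure, as an added example that is not part of the CSA advisory: it reports whether the installed xz command, and the liblzma library that sshd actually loads, are one of the two affected releases. It assumes a POSIX shell with xz, ldd and readlink on PATH; the sshd path /usr/sbin/sshd is an assumption.

```shell
#!/bin/sh
# Added example, not from the CSA advisory: report whether this host runs one of
# the backdoored XZ Utils releases (5.6.0 / 5.6.1, CVE-2024-3094), checking both
# the xz command and the liblzma library that the OpenSSH daemon loads.
# Assumptions: POSIX sh; xz, ldd and readlink on PATH; sshd at /usr/sbin/sshd.

# True (exit 0) only for the two releases named in the advisory.
is_affected_xz_version() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Version from the first line of `xz --version`, e.g. "xz (XZ Utils) 5.6.1" -> "5.6.1".
parse_xz_version() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $NF }'
}

# Version from the resolved library file name, e.g. ".../liblzma.so.5.6.1" -> "5.6.1".
liblzma_version_from_path() {
    printf '%s\n' "${1##*liblzma.so.}"
}

# Print a verdict for one component; exit status 1 when the version is affected.
report() {
    if is_affected_xz_version "$2"; then
        echo "AFFECTED: $1 is XZ Utils $2 (CVE-2024-3094); downgrade or upgrade"
        return 1
    fi
    echo "ok: $1 is XZ Utils $2"
}

main() {
    status=0
    if command -v xz >/dev/null 2>&1; then
        report "xz binary" "$(parse_xz_version "$(xz --version 2>&1)")" || status=1
    fi
    # The backdoor reaches sshd through liblzma, so check the library sshd actually resolves.
    if [ -x /usr/sbin/sshd ] && command -v ldd >/dev/null 2>&1; then
        lib=$(ldd /usr/sbin/sshd 2>/dev/null | awk '/liblzma/ { print $3 }')
        if [ -n "$lib" ]; then
            real=$(readlink -f "$lib")
            report "liblzma loaded by sshd ($real)" "$(liblzma_version_from_path "$real")" || status=1
        fi
    fi
    return $status
}

main
```

A non-zero exit status from the script means at least one component is an affected release; a version such as 5.4.6 passes.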

Recommendation

The following references provide further details on the backdoor.

Contact the Cyber Security Authority

The CSA operates a 24-hour Cybersecurity/Cybercrime Incident Reporting Point of Contact (PoC) for reporting cybercrimes and for seeking guidance and assistance on online activities: call or text 292, WhatsApp 0501603111, or email report@csa.gov.gh.

Issued by Cyber Security Authority
June 20, 2024
Ref: CSA/CERT/TA/2024-06/01