Malicious Backdoor Identified in Linux Compression Library
Background
A backdoor has been discovered in the open-source compression library XZ Utils, versions 5.6.0 and 5.6.1, for Linux operating systems. This vulnerability, tracked as CVE-2024-3094 and rated 10 in CVSS severity, is a supply chain attack that compromises the integrity of Secure Shell (SSH) and allows attackers to use a predefined encrypted private key to execute commands on the victim’s machine with administrator permissions.
Impact
Exploitation of the backdoor enables a malicious actor to break SSH authentication and gain unauthorised access to the entire system remotely.
Mitigation Measure
- Administrators and developers are advised to upgrade their XZ Utils installation to the latest stable version. Alternatively, users may downgrade to an uncompromised version such as XZ Utils 5.4.6.
- Ensure that infrastructure firmware, operating systems, and user applications are up to date in terms of patches.
- Use multi-factor authentication wherever possible as part of access control mechanisms.
- Limit the use of administrator privileges.
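The first mitigation step depends on knowing which XZ Utils version a host actually runs. The following POSIX shell check is added here and is not part of the CSA advisory: it parses the output of `xz --version` (both the `xz` binary line and the `liblzma` line) and flags the affected versions 5.6.0 and 5.6.1 named above. Function names are my own.

```shell
#!/bin/sh
# Added check, not part of the CSA advisory: flag hosts whose XZ Utils or
# liblzma reports one of the backdoored versions (5.6.0, 5.6.1; CVE-2024-3094).

# xz_is_backdoored VERSION -> returns 0 if VERSION is affected, 1 otherwise.
xz_is_backdoored() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# xz_versions_from_output -> reads `xz --version` text on stdin and prints the
# version numbers found, one per line. Typical input (constructed sample):
#   xz (XZ Utils) 5.4.6
#   liblzma 5.4.6
xz_versions_from_output() {
    sed -n -e 's/^xz (XZ Utils) *\([0-9][0-9.]*\).*/\1/p' \
           -e 's/^liblzma *\([0-9][0-9.]*\).*/\1/p'
}

# xz_audit_output -> reads `xz --version` text on stdin; returns 2 if either
# the binary or the library is in the affected range, 0 otherwise.
xz_audit_output() {
    status=0
    for v in $(xz_versions_from_output); do
        if xz_is_backdoored "$v"; then status=2; fi
    done
    return $status
}

# xz_check_host -> audits the installed xz; returns 2 (affected),
# 0 (not in the affected range) or 1 (xz not installed).
xz_check_host() {
    if ! command -v xz >/dev/null 2>&1; then
        echo "xz not found on this host"
        return 1
    fi
    if xz --version 2>/dev/null | xz_audit_output; then
        echo "OK: installed XZ Utils is not 5.6.0 or 5.6.1"
        return 0
    fi
    echo "VULNERABLE: XZ Utils 5.6.0/5.6.1 detected (CVE-2024-3094); upgrade or downgrade to 5.4.6"
    return 2
}

# Usage: source this file, then run xz_check_host; exit status 2 means affected.
```

Because the library, not only the command-line tool, is what SSH-related code loads, the check treats a flagged `liblzma` line as sufficient on its own.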
Recommendation
The following references provide further details on the backdoor.
- https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
- https://www.cybereason.com/blog/threat-alert-the-xz-backdoor
Contact the Cyber Security Authority
The CSA operates 24-hour Cybersecurity/Cybercrime Incident Reporting Points of Contact (PoC) for reporting cybercrimes and for seeking guidance and assistance on online activities: Call or Text 292, WhatsApp 0501603111, Email report@csa.gov.gh.
Issued by Cyber Security Authority
June 20, 2024
Ref: CSA/CERT/TA/2024-06/01