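# Xz: Malicious Code in Distributed Source
## Vulnerability Overview
Malicious code was found in the upstream tarballs of xz, affecting versions starting with 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file and modifies specific functions in the liblzma code. The result is a modified liblzma library that intercepts and modifies the data interaction of all software that exchanges data with this library.
## Affected Versions
- 5.6.0 and later
## Vulnerability Details
1. The malicious code is present in the upstream tarballs of xz.
2. Through complex obfuscation, the liblzma build process extracts a prebuilt object file from a file disguised as a test file.
3. That object file is used to modify specific functions in the liblzma code.
4. The resulting modified liblzma library can intercept and modify all software that exchanges data with the library.
## Impact
- The build produces a modified liblzma library, and any software that exchanges data with the library is affected.
- Data interaction can be intercepted and modified, which may lead to data leakage or other security problems.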
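
A version triage for the affected range stated above, as an added example that is not part of the original page or of any project listed on it: it reads `xz --version` text and classifies the liblzma version. The function names, result labels and sample output are constructed for illustration; 5.6.0 and 5.6.1 are the releases that entries in the table below name as affected.

```shell
#!/bin/sh
# Added example: triage xz/liblzma versions against the range given on this page.
# Function names and result labels are hypothetical, chosen for illustration.

# Constructed sample of `xz --version` output (not captured from a real host).
SAMPLE_OUTPUT='xz (XZ Utils) 5.6.1
liblzma 5.6.1'

# Print the liblzma version found in `xz --version` text on stdin.
# The library line is the one that matters: other programs load liblzma,
# not the xz binary.
liblzma_version() {
    sed -n 's/^liblzma \([^ ]*\).*/\1/p' | head -n 1
}

# classify_version VERSION prints one of:
#   known-bad       5.6.0 or 5.6.1, the releases named in the table entries
#   check-advisory  inside the page's "5.6.0 and later" range but not one of
#                   the two named releases; confirm with the distro advisory
#   below-range     older than 5.6.0
#   unparsed        not a MAJOR.MINOR.PATCH string
classify_version() {
    case "$1" in
        5.6.0|5.6.1) echo known-bad; return 0 ;;
    esac
    # Keep MAJOR and MINOR only; that is enough for the range test.
    mm=$(printf '%s\n' "$1" |
         sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\..*/\1 \2/p')
    [ -n "$mm" ] || { echo unparsed; return 0; }
    set -- $mm
    if [ "$1" -gt 5 ] || { [ "$1" -eq 5 ] && [ "$2" -ge 6 ]; }; then
        echo check-advisory
    else
        echo below-range
    fi
}

# Read `xz --version` text on stdin and classify its liblzma line.
classify_output() {
    v=$(liblzma_version)
    classify_version "$v"
}

# Demo on the constructed sample; on a real host use: xz --version | classify_output
printf '%s\n' "$SAMPLE_OUTPUT" | classify_output
```

A package version alone does not prove which tarball a distribution built from, so treat `known-bad` as a reason to consult the distribution's advisory and replace the package.
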
| # | POC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | Information for CVE-2024-3094 | https://github.com/byinarie/CVE-2024-3094-info | POC details |
| 2 | Quick and dirty PoC for checking whether a vulnerable version of xz-utils is installed (CVE-2024-3094) | https://github.com/FabioBaroni/CVE-2024-3094-checker | POC details |
| 3 | Verify that your XZ Utils version is not vulnerable to CVE-2024-3094 | https://github.com/lypd0/CVE-2024-3094-Vulnerabity-Checker | POC details |
| 4 | None | https://github.com/OpensourceICTSolutions/xz_utils-CVE-2024-3094 | POC details |
| 5 | Script to detect CVE-2024-3094. | https://github.com/bioless/xz_cve-2024-3094_detection | POC details |
| 6 | This repository contains a Bash script and a one-liner command to verify if a system is running a vulnerable version of the "xz" utility, as specified by CVE-2024-3094. | https://github.com/Hacker-Hermanos/CVE-2024-3094_xz_check | POC details |
| 7 | None | https://github.com/Fractal-Tess/CVE-2024-3094 | POC details |
| 8 | None | https://github.com/wgetnz/CVE-2024-3094-check | POC details |
| 9 | History of commits related to the xz backdoor Discovered On March 29, 2024: CVE-2024-3094. | https://github.com/emirkmo/xz-backdoor-github | POC details |
| 10 | xz exploit to privilege escalation in Linux | https://github.com/Jooose001/CVE-2024-3094-EXPLOIT | POC details |
| 11 | None | https://github.com/ashwani95/CVE-2024-3094 | POC details |
| 12 | Checker for CVE-2024-3094 where malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. | https://github.com/harekrishnarai/xz-utils-vuln-checker | POC details |
| 13 | K8S and Docker Vulnerability Check for CVE-2024-3094 | https://github.com/teyhouse/CVE-2024-3094 | POC details |
| 14 | This project contains a shell script designed to help users identify and fix installations of xz-utils affected by the CVE-2024-3094 vulnerability. Versions 5.6.0 and 5.6.1 of xz-utils are known to be vulnerable, and this script aids in detecting them and optionally downgrading to a stable, un-compromised version (5.4.6). | https://github.com/alokemajumder/CVE-2024-3094-Vulnerability-Checker-Fixer | POC details |
| 15 | None | https://github.com/Horizon-Software-Development/CVE-2024-3094 | POC details |
| 16 | None | https://github.com/hazemkya/CVE-2024-3094-checker | POC details |
| 17 | An ssh honeypot with the XZ backdoor. CVE-2024-3094 | https://github.com/lockness-Ko/xz-vulnerable-honeypot | POC details |
| 18 | None | https://github.com/brinhosa/CVE-2024-3094-One-Liner | POC details |
| 19 | CVE-2024-3094 | https://github.com/isuruwa/CVE-2024-3094 | POC details |
| 20 | None | https://github.com/k4t3pr0/Check-CVE-2024-3094 | POC details |
| 21 | A script to detect if xz is vulnerable - CVE-2024-3094 | https://github.com/Yuma-Tsushima07/CVE-2024-3094 | POC details |
| 22 | None | https://github.com/jfrog/cve-2024-3094-tools | POC details |
| 23 | None | https://github.com/krascovict/OSINT---CVE-2024-3094- | POC details |
| 24 | Ansible playbook for patching CVE-2024-3094 | https://github.com/Simplifi-ED/CVE-2024-3094-patcher | POC details |
| 25 | None | https://github.com/gayatriracha/CVE-2024-3094-Nmap-NSE-script | POC details |
| 26 | None | https://github.com/Mustafa1986/CVE-2024-3094 | POC details |
| 27 | XZ-Utils library malicious backdoor implant vulnerability (CVE-2024-3094) | https://github.com/MrBUGLF/XZ-Utils_CVE-2024-3094 | POC details |
| 28 | None | https://github.com/galacticquest/cve-2024-3094-detect | POC details |
| 29 | None | https://github.com/zgimszhd61/cve-2024-3094-detect-tool | POC details |
| 30 | None | https://github.com/mightysai1997/CVE-2024-3094-info | POC details |
| 31 | None | https://github.com/mightysai1997/CVE-2024-3094 | POC details |
| 32 | CVE-2024-3094 | https://github.com/mesutgungor/xz-backdoor-vulnerability | POC details |
| 33 | Obsidian notes about CVE-2024-3094 | https://github.com/reuteras/CVE-2024-3094 | POC details |
| 34 | notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) | https://github.com/amlweems/xzbot | POC details |
| 35 | Checker - CVE-2024-3094 | https://github.com/gustavorobertux/CVE-2024-3094 | POC details |
| 36 | None | https://github.com/ackemed/detectar_cve-2024-3094 | POC details |
| 37 | XZ Backdoor Extract | https://github.com/0xlane/xz-cve-2024-3094 | POC details |
| 38 | None | https://github.com/dah4k/CVE-2024-3094 | POC details |
| 39 | Bash script to check whether you have the CVE-2024-3094 vulnerability. | https://github.com/hackingetico21/revisaxzutils | POC details |
| 40 | CVE-2024-3094 XZ Backdoor Detector | https://github.com/devjanger/CVE-2024-3094-XZ-Backdoor-Detector | POC details |
| 41 | Detect CVE-2024-3094 | https://github.com/ScrimForever/CVE-2024-3094 | POC details |
| 42 | CVE-2024-3094 - Checker (fix for arch etc) | https://github.com/pentestfunctions/CVE-2024-3094 | POC details |
| 43 | Dockerfile and Kubernetes manifests for reproduce CVE-2024-3094 | https://github.com/r0binak/xzk8s | POC details |
| 44 | apocalypxze: xz backdoor (2024) AKA CVE-2024-3094 related links | https://github.com/przemoc/xz-backdoor-links | POC details |
| 45 | Our current information about the CVE-2024-3094 backdoor. | https://github.com/CyberGuard-Foundation/CVE-2024-3094 | POC details |
| 46 | Collection of Detection, Fix, and exploit for CVE-2024-3094 | https://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits | POC details |
| 47 | This is a container environment running CVE-2024-3094 sshd backdoor instance, working with https://github.com/amlweems/xzbot project. IT IS NOT Docker, just implemented by chroot. | https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container | POC details |
| 48 | Verify if your installed version of xz-utils is vulnerable to CVE-2024-3094 backdoor | https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check | POC details |
| 49 | The repository consists of a checker file that confirms if your xz version and xz-utils package is vulnerable to CVE-2024-3094. | https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker | POC details |
| 50 | The CVE-2024-3094 Checker is a Bash tool for identifying if Linux systems are at risk from the CVE-2024-3094 flaw in XZ/LZMA utilities. It checks XZ versions, SSHD's LZMA linkage, and scans for specific byte patterns, delivering results in a concise table format. | https://github.com/iheb2b/CVE-2024-3094-Checker | POC details |
| 51 | A tutorial on how to detect the CVE 2024-3094 | https://github.com/felipecosta09/cve-2024-3094 | POC details |
| 52 | Scans liblzma from xz-utils for backdoor (CVE-2024-3094) | https://github.com/weltregie/liblzma-scan | POC details |
| 53 | Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor) | https://github.com/crfearnworks/ansible-CVE-2024-3094 | POC details |
| 54 | A small repo with a single playbook. | https://github.com/robertdebock/ansible-playbook-cve-2024-3094 | POC details |
| 55 | An Ansible Role that installs the xz backdoor (CVE-2024-3094) on a Debian host and optionally installs the xzbot tool. | https://github.com/badsectorlabs/ludus_xz_backdoor | POC details |
| 56 | Scan for files containing the signature from the `xz` backdoor (CVE-2024-3094) | https://github.com/Juul/xz-backdoor-scan | POC details |
| 57 | None | https://github.com/drdry2/CVE-2024-3094-EXPLOIT | POC details |
| 58 | The following YARA rule helps detect the presence of the backdoor in the compromised liblzma library on systems that use versions 5.6.0 and 5.6.1 of the XZ compression tool. | https://github.com/fevar54/Detectar-Backdoor-en-liblzma-de-XZ-utils-CVE-2024-3094- | POC details |
| 59 | None | https://github.com/AlexDoe11/CVE-2024-3094-EXPLOIT | POC details |
| 60 | XZ Utils CVE-2024-3094 POC for Kubernetes | https://github.com/neuralinhibitor/xzwhy | POC details |
| 61 | Basic POC to test CVE-2024-3094 | https://github.com/shefirot/CVE-2024-3094 | POC details |
| 62 | SSH EXPLOIT BYPASS AUTH SSH | https://github.com/DANO-AMP/CVE-2024-3094 | POC details |
| 63 | GNU IFUNC is the real culprit behind CVE-2024-3094 | https://github.com/robertdfrench/ifuncd-up | POC details |
| 64 | Just a script to test if xz is vulnerable to the cve 2024-3094. | https://github.com/yq93dskimzm2/CVE-2024-3094 | POC details |
| 65 | Presentation for the computer security course on the CVE-2024-3094 vulnerability | https://github.com/AndreaCicca/Sicurezza-Informatica-Presentazione | POC details |
| 66 | CVE-2024-3094 (XZ Backdoor) Tools | https://github.com/XiaomingX/cve-2024-3094-xz-backdoor-exploit | POC details |
| 67 | Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library. | https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2024/CVE-2024-3094.yaml | POC details |
| 68 | CVE-2024-3094 lab environment setup and report | https://github.com/been22426/CVE-2024-3094 | POC details |
| 69 | Shell scripts to identify and fix installations of xz-utils affected by the CVE-2024-3094 vulnerability. Versions 5.6.0 and 5.6.1 of xz-utils are known to be vulnerable, and this script aids in detecting them and optionally downgrading to a stable, un-compromised version (5.4.6) or upgrading to latest version. Added Ansible Playbook | https://github.com/gensecaihq/CVE-2024-3094-Vulnerability-Checker-Fixer | POC details |
| 70 | Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor) | https://github.com/KaminaDuck/ansible-CVE-2024-3094 | POC details |
| 71 | It was determined that malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. # It was determined that only certain operating systems and operating system versions were affected by this vulnerability. | https://github.com/laxmikumari615/Linux---Security---Detect-and-Mitigate-CVE-2024-3094 | POC details |
| 72 | A XZ backdoor vulnerability explained in details | https://github.com/valeriot30/cve-2024-3094 | POC details |
| 73 | Threat intelligence report analyzing the xz-utils backdoor vulnerability (CVE-2024-3094) | https://github.com/24Owais/threat-intel-cve-2024-3094 | POC details |
| 74 | CVE-2024-3094 | https://github.com/Dermot-lab/TryHack | POC details |
| 75 | Security analysis project: Real-world CVE breakdown | https://github.com/Ikram124/CVE-2024-3094-analysis | POC details |
| 76 | None | https://github.com/ykhurshudyan-blip/CVE-2024-3094 | POC details |
| 77 | CVE-2024-3094 exposed a backdoor in the XZ compression library, allowing remote SSH access by bypassing authentication. It’s a major supply chain attack affecting Linux systems, highlighting risks in trusted open-source components. | https://github.com/mrk336/CVE-2024-3094 | POC details |
| 78 | None | https://github.com/Titus-soc/-CVE-2024-3094-Vulnerability-Checker-Fixer-Public | POC details |
| 79 | Obsidian notes about CVE-2024-3094 | https://github.com/zpxlz/CVE-2024-3094 | POC details |
| 80 | Investigation into the XZ Utils backdoor (CVE-2024-3094): chronology, attack chain, risk to SSH, and supply-chain insights. Includes slides, sources, and mitigations (parity checks, attestations, or SBOMs, as well as SLSA) | https://github.com/M1lo25/CS50FinalProject | POC details |
| 81 | Script to obfuscate a payload the same way as it was done by the XZ utils attack (CVE-2024-3094) | https://github.com/ThomRgn/xzutils_backdoor_obfuscation | POC details |