I. Basic information on CVE-2024-3094
Vulnerability information
# Xz: malicious code in distributed source code

## Vulnerability overview
Malicious code was found in the upstream tarballs of xz, affecting releases from version 5.6.0 onward. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file and modifies specific functions in the liblzma code. The result is a modified liblzma library that can intercept and modify the data exchanged by any software that interacts with it.

## Affected versions
- 5.6.0 and later

## Vulnerability details
1. The malicious code is present in the upstream tarballs of xz.
2. Through complex obfuscation, the liblzma build process extracts a prebuilt object file from a file disguised as a test file.
3. That object file is used to modify specific functions in the liblzma code.
4. The resulting liblzma library can intercept and modify the data exchanged by any software that interacts with it.

## Impact
- The result is a modified liblzma library; any software that exchanges data with it is affected.
- Data exchanges can be intercepted and modified, potentially leading to data leakage or other security problems.
Note
Although we use advanced large language model technology, its output may still contain inaccurate or outdated information.
神龙 makes every effort to ensure data accuracy, but please verify it against your own situation.
Vulnerability title
Xz: malicious code in distributed source
Source: US National Vulnerability Database (NVD)
Vulnerability description
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
Source: US National Vulnerability Database (NVD)
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: US National Vulnerability Database (NVD)
Vulnerability category
Embedded malicious code
Source: US National Vulnerability Database (NVD)
Vulnerability title
xz security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
xz is an application for reading and writing xz-compressed streams. XZ Utils 5.6.0 and 5.6.1 contain a security vulnerability that stems from allowing an attacker to embed malicious code.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Other
Source: China National Vulnerability Database of Information Security (CNNVD)
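As an added example (not code from this page or from any repository it lists), a minimal defender-side shell check in the spirit of the checkers catalogued below: it parses `xz --version`, flags the two backdoored releases 5.6.0 and 5.6.1 named on this page for both the xz tool and liblzma, and reports whether the local sshd is dynamically linked against liblzma. The sshd path /usr/sbin/sshd is an assumption.

```shell
# Added example, not from the page or any repository it lists: a minimal
# defender-side check for CVE-2024-3094 (backdoored releases 5.6.0 and 5.6.1).

# xz_is_affected VERSION: succeed (exit 0) if VERSION is a backdoored release.
xz_is_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# parse_version PREFIX OUTPUT: print the version number that follows PREFIX
# in `xz --version` output, e.g. "xz (XZ Utils) 5.6.1" or "liblzma 5.6.1".
parse_version() {
    printf '%s\n' "$2" | sed -n "s/^$1 \([0-9][0-9.]*\).*/\1/p" | head -n 1
}

# sshd_links_liblzma PATH: succeed if the sshd binary at PATH is dynamically
# linked against liblzma (on affected distributions, indirectly via libsystemd).
sshd_links_liblzma() {
    command -v ldd >/dev/null 2>&1 || return 1
    [ -x "$1" ] || return 1
    ldd "$1" 2>/dev/null | grep -q 'liblzma'
}

# report_version LABEL VERSION: print one result line for a component.
report_version() {
    if xz_is_affected "$2"; then
        echo "$1 $2: AFFECTED by CVE-2024-3094; update or downgrade via your distribution"
    else
        echo "$1 ${2:-unknown}: not one of the affected releases"
    fi
}

main() {
    if command -v xz >/dev/null 2>&1; then
        out=$(xz --version 2>/dev/null)
        report_version xz "$(parse_version 'xz (XZ Utils)' "$out")"
        report_version liblzma "$(parse_version liblzma "$out")"
    else
        echo "xz not found in PATH"
    fi
    # /usr/sbin/sshd is an assumed path; adjust for your distribution.
    if sshd_links_liblzma /usr/sbin/sshd; then
        echo "/usr/sbin/sshd links liblzma; its liblzma must not be 5.6.0 or 5.6.1"
    fi
}

main
```

The version check alone is not proof of compromise or of safety; distribution packages may carry patched builds under the same version string, so confirm against your vendor's advisory.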
II. Public PoCs for CVE-2024-3094
| # | Description | Source |
|---|---|---|
| 1 | Information for CVE-2024-3094 | https://github.com/byinarie/CVE-2024-3094-info |
| 2 | Quick and dirty PoC for checking whether a vulnerable version of xz-utils is installed (CVE-2024-3094) | https://github.com/FabioBaroni/CVE-2024-3094-checker |
| 3 | Verify that your XZ Utils version is not vulnerable to CVE-2024-3094 | https://github.com/lypd0/CVE-2024-3094-Vulnerabity-Checker |
| 4 | (no description) | https://github.com/OpensourceICTSolutions/xz_utils-CVE-2024-3094 |
| 5 | Script to detect CVE-2024-3094. | https://github.com/bioless/xz_cve-2024-3094_detection |
| 6 | This repository contains a Bash script and a one-liner command to verify if a system is running a vulnerable version of the "xz" utility, as specified by CVE-2024-3094. | https://github.com/Hacker-Hermanos/CVE-2024-3094_xz_check |
| 7 | (no description) | https://github.com/Fractal-Tess/CVE-2024-3094 |
| 8 | (no description) | https://github.com/wgetnz/CVE-2024-3094-check |
| 9 | History of commits related to the xz backdoor discovered on March 29, 2024: CVE-2024-3094. | https://github.com/emirkmo/xz-backdoor-github |
| 10 | xz exploit for privilege escalation in Linux | https://github.com/Jooose001/CVE-2024-3094-EXPLOIT |
| 11 | (no description) | https://github.com/ashwani95/CVE-2024-3094 |
| 12 | Checker for CVE-2024-3094, where malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. | https://github.com/harekrishnarai/xz-utils-vuln-checker |
| 13 | K8S and Docker vulnerability check for CVE-2024-3094 | https://github.com/teyhouse/CVE-2024-3094 |
| 14 | This project contains a shell script designed to help users identify and fix installations of xz-utils affected by the CVE-2024-3094 vulnerability. Versions 5.6.0 and 5.6.1 of xz-utils are known to be vulnerable, and this script aids in detecting them and optionally downgrading to a stable, uncompromised version (5.4.6). | https://github.com/alokemajumder/CVE-2024-3094-Vulnerability-Checker-Fixer |
| 15 | (no description) | https://github.com/Horizon-Software-Development/CVE-2024-3094 |
| 16 | (no description) | https://github.com/hazemkya/CVE-2024-3094-checker |
| 17 | An SSH honeypot with the XZ backdoor (CVE-2024-3094) | https://github.com/lockness-Ko/xz-vulnerable-honeypot |
| 18 | (no description) | https://github.com/brinhosa/CVE-2024-3094-One-Liner |
| 19 | CVE-2024-3094 | https://github.com/isuruwa/CVE-2024-3094 |
| 20 | (no description) | https://github.com/k4t3pr0/Check-CVE-2024-3094 |
| 21 | A script to detect if xz is vulnerable (CVE-2024-3094) | https://github.com/Yuma-Tsushima07/CVE-2024-3094 |
| 22 | (no description) | https://github.com/jfrog/cve-2024-3094-tools |
| 23 | (no description) | https://github.com/krascovict/OSINT---CVE-2024-3094- |
| 24 | Ansible playbook for patching CVE-2024-3094 | https://github.com/Simplifi-ED/CVE-2024-3094-patcher |
| 25 | (no description) | https://github.com/gayatriracha/CVE-2024-3094-Nmap-NSE-script |
| 26 | (no description) | https://github.com/Mustafa1986/CVE-2024-3094 |
| 27 | XZ-Utils library malicious backdoor implantation vulnerability (CVE-2024-3094) | https://github.com/MrBUGLF/XZ-Utils_CVE-2024-3094 |
| 28 | (no description) | https://github.com/galacticquest/cve-2024-3094-detect |
| 29 | (no description) | https://github.com/zgimszhd61/cve-2024-3094-detect-tool |
| 30 | (no description) | https://github.com/mightysai1997/CVE-2024-3094-info |
| 31 | (no description) | https://github.com/mightysai1997/CVE-2024-3094 |
| 32 | CVE-2024-3094 | https://github.com/mesutgungor/xz-backdoor-vulnerability |
| 33 | Obsidian notes about CVE-2024-3094 | https://github.com/reuteras/CVE-2024-3094 |
| 34 | Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) | https://github.com/amlweems/xzbot |
| 35 | Checker for CVE-2024-3094 | https://github.com/gustavorobertux/CVE-2024-3094 |
| 36 | (no description) | https://github.com/ackemed/detectar_cve-2024-3094 |
| 37 | XZ Backdoor Extract | https://github.com/0xlane/xz-cve-2024-3094 |
| 38 | (no description) | https://github.com/dah4k/CVE-2024-3094 |
| 39 | Bash script to check whether you have the CVE-2024-3094 vulnerability. | https://github.com/hackingetico21/revisaxzutils |
| 40 | CVE-2024-3094 XZ Backdoor Detector | https://github.com/devjanger/CVE-2024-3094-XZ-Backdoor-Detector |
| 41 | Detect CVE-2024-3094 | https://github.com/ScrimForever/CVE-2024-3094 |
| 42 | CVE-2024-3094 checker (fix for Arch etc.) | https://github.com/pentestfunctions/CVE-2024-3094 |
| 43 | Dockerfile and Kubernetes manifests to reproduce CVE-2024-3094 | https://github.com/r0binak/xzk8s |
| 44 | apocalypxze: xz backdoor (2024), AKA CVE-2024-3094, related links | https://github.com/przemoc/xz-backdoor-links |
| 45 | Our current information about the CVE-2024-3094 backdoor. | https://github.com/CyberGuard-Foundation/CVE-2024-3094 |
| 46 | Collection of detection, fix, and exploit for CVE-2024-3094 | https://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits |
| 47 | This is a container environment running a CVE-2024-3094 sshd backdoor instance, working with the https://github.com/amlweems/xzbot project. It is not Docker, just implemented with chroot. | https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container |
| 48 | Verify if your installed version of xz-utils is vulnerable to the CVE-2024-3094 backdoor | https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check |
| 49 | The repository consists of a checker file that confirms whether your xz version and xz-utils package are vulnerable to CVE-2024-3094. | https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker |
| 50 | The CVE-2024-3094 Checker is a Bash tool for identifying if Linux systems are at risk from the CVE-2024-3094 flaw in XZ/LZMA utilities. It checks XZ versions, SSHD's LZMA linkage, and scans for specific byte patterns, delivering results in a concise table format. | https://github.com/iheb2b/CVE-2024-3094-Checker |
| 51 | A tutorial on how to detect CVE-2024-3094 | https://github.com/felipecosta09/cve-2024-3094 |
| 52 | Scans liblzma from xz-utils for the backdoor (CVE-2024-3094) | https://github.com/weltregie/liblzma-scan |
| 53 | Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor) | https://github.com/crfearnworks/ansible-CVE-2024-3094 |
| 54 | A small repo with a single playbook. | https://github.com/robertdebock/ansible-playbook-cve-2024-3094 |
| 55 | An Ansible role that installs the xz backdoor (CVE-2024-3094) on a Debian host and optionally installs the xzbot tool. | https://github.com/badsectorlabs/ludus_xz_backdoor |
| 56 | Scan for files containing the signature from the `xz` backdoor (CVE-2024-3094) | https://github.com/Juul/xz-backdoor-scan |
| 57 | (no description) | https://github.com/drdry2/CVE-2024-3094-EXPLOIT |
| 58 | The following YARA rule helps detect the presence of the backdoor in the compromised liblzma library on systems using versions 5.6.0 and 5.6.1 of the XZ compression tool. | https://github.com/fevar54/Detectar-Backdoor-en-liblzma-de-XZ-utils-CVE-2024-3094- |
| 59 | (no description) | https://github.com/AlexDoe11/CVE-2024-3094-EXPLOIT |
| 60 | XZ Utils CVE-2024-3094 PoC for Kubernetes | https://github.com/neuralinhibitor/xzwhy |
| 61 | Basic PoC to test CVE-2024-3094 | https://github.com/shefirot/CVE-2024-3094 |
| 62 | SSH EXPLOIT BYPASS AUTH SSH | https://github.com/DANO-AMP/CVE-2024-3094 |
| 63 | GNU IFUNC is the real culprit behind CVE-2024-3094 | https://github.com/robertdfrench/ifuncd-up |
| 64 | Just a script to test if xz is vulnerable to CVE-2024-3094. | https://github.com/yq93dskimzm2/CVE-2024-3094 |
| 65 | Presentation for the Information Security course on the CVE-2024-3094 vulnerability | https://github.com/AndreaCicca/Sicurezza-Informatica-Presentazione |
| 66 | CVE-2024-3094 (XZ Backdoor) Tools | https://github.com/XiaomingX/cve-2024-3094-xz-backdoor-exploit |
| 67 | Nuclei template for CVE-2024-3094 (its description repeats the NVD text quoted above) | https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2024/CVE-2024-3094.yaml |
| 68 | CVE-2024-3094 lab environment setup and report | https://github.com/been22426/CVE-2024-3094 |
III. Threat intelligence on CVE-2024-3094