Xz: malicious code in distributed source 漏洞信息(CVE-2024-3094)

一、漏洞 CVE-2024-3094 基础信息

漏洞信息

                                        # Xz：分布式源代码中的恶意代码

## 漏洞概述
恶意代码在 xz 的上游 tarballs 中被发现，影响从 5.6.0 版本开始。通过一系列复杂的混淆手段，liblzma 构建过程中会从一个伪装的测试文件中提取出一个预构建的对象文件，并修改 liblzma 代码中的特定功能。这会导致一个修改过的 liblzma 库，进而拦截和修改所有与此库进行数据交互的软件。

## 影响版本
- 5.6.0 及以上版本

## 漏洞细节
1. 恶意代码存在于 xz 的上游 tarballs 中。
2. 通过复杂混淆手段，liblzma 的构建过程会从一个伪装成测试文件的文件中提取出预构建的对象文件。
3. 该对象文件用于修改 liblzma 代码中的特定功能。
4. 修改后生成的 liblzma 库可以拦截和修改与该库进行数据交互的所有软件。

## 漏洞影响
- 会导致一个修改后的 liblzma 库，任何与该库进行数据交互的软件都会受到影响。
- 可以拦截和修改数据交互，从而可能引发数据泄露或其他安全问题。

提示

尽管我们采用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确，但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利！

漏洞标题

Xz: malicious code in distributed source

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

来源：美国国家漏洞数据库 NVD

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

来源：美国国家漏洞数据库 NVD

漏洞类别

内嵌的恶意代码

来源：美国国家漏洞数据库 NVD

漏洞标题

xz 安全漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

xz是一个应用软件。用于支持读取和写入xz压缩流。 XZ Utils 5.6.0版本和5.6.1版本存在安全漏洞，该漏洞源于允许攻击者嵌入恶意代码。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

其他

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2024-3094 的公开POC

#	POC 描述	源链接	神龙链接
1	Information for CVE-2024-3094	https://github.com/byinarie/CVE-2024-3094-info	POC详情
2	Quick and dirty PoC for checking whether a vulnerable version of xz-utils is installed (CVE-2024-3094)	https://github.com/FabioBaroni/CVE-2024-3094-checker	POC详情
3	Verify that your XZ Utils version is not vulnerable to CVE-2024-3094	https://github.com/lypd0/CVE-2024-3094-Vulnerabity-Checker	POC详情
4	None	https://github.com/OpensourceICTSolutions/xz_utils-CVE-2024-3094	POC详情
5	Script to detect CVE-2024-3094.	https://github.com/bioless/xz_cve-2024-3094_detection	POC详情
6	This repository contains a Bash script and a one-liner command to verify if a system is running a vulnerable version of the "xz" utility, as specified by CVE-2024-3094.	https://github.com/Hacker-Hermanos/CVE-2024-3094_xz_check	POC详情
7	None	https://github.com/Fractal-Tess/CVE-2024-3094	POC详情
8	None	https://github.com/wgetnz/CVE-2024-3094-check	POC详情
9	History of commits related to the xz backdoor Discovered On March 29, 2024: CVE-2024-3094.	https://github.com/emirkmo/xz-backdoor-github	POC详情
10	xz exploit to privilege escalation in Linux	https://github.com/Jooose001/CVE-2024-3094-EXPLOIT	POC详情
11	None	https://github.com/ashwani95/CVE-2024-3094	POC详情
12	Checker for CVE-2024-3094 where malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code.	https://github.com/harekrishnarai/xz-utils-vuln-checker	POC详情
13	K8S and Docker Vulnerability Check for CVE-2024-3094	https://github.com/teyhouse/CVE-2024-3094	POC详情
14	This project contains a shell script designed to help users identify and fix installations of xz-utils affected by the CVE-2024-3094 vulnerability. Versions 5.6.0 and 5.6.1 of xz-utils are known to be vulnerable, and this script aids in detecting them and optionally downgrading to a stable, un-compromised version (5.4.6).	https://github.com/alokemajumder/CVE-2024-3094-Vulnerability-Checker-Fixer	POC详情
15	None	https://github.com/Horizon-Software-Development/CVE-2024-3094	POC详情
16	None	https://github.com/hazemkya/CVE-2024-3094-checker	POC详情
17	An ssh honeypot with the XZ backdoor. CVE-2024-3094	https://github.com/lockness-Ko/xz-vulnerable-honeypot	POC详情
18	None	https://github.com/brinhosa/CVE-2024-3094-One-Liner	POC详情
19	CVE-2024-3094	https://github.com/isuruwa/CVE-2024-3094	POC详情
20	None	https://github.com/k4t3pr0/Check-CVE-2024-3094	POC详情
21	A script to detect if xz is vulnerable - CVE-2024-3094	https://github.com/Yuma-Tsushima07/CVE-2024-3094	POC详情
22	None	https://github.com/jfrog/cve-2024-3094-tools	POC详情
23	None	https://github.com/krascovict/OSINT---CVE-2024-3094-	POC详情
24	Ansible playbook for patching CVE-2024-3094	https://github.com/Simplifi-ED/CVE-2024-3094-patcher	POC详情
25	None	https://github.com/gayatriracha/CVE-2024-3094-Nmap-NSE-script	POC详情
26	None	https://github.com/Mustafa1986/CVE-2024-3094	POC详情
27	XZ-Utils工具库恶意后门植入漏洞(CVE-2024-3094)	https://github.com/MrBUGLF/XZ-Utils_CVE-2024-3094	POC详情
28	None	https://github.com/galacticquest/cve-2024-3094-detect	POC详情
29	None	https://github.com/zgimszhd61/cve-2024-3094-detect-tool	POC详情
30	None	https://github.com/mightysai1997/CVE-2024-3094-info	POC详情
31	None	https://github.com/mightysai1997/CVE-2024-3094	POC详情
32	CVE-2024-3094	https://github.com/mesutgungor/xz-backdoor-vulnerability	POC详情
33	Obsidian notes about CVE-2024-3094	https://github.com/reuteras/CVE-2024-3094	POC详情
34	notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)	https://github.com/amlweems/xzbot	POC详情
35	Checker - CVE-2024-3094	https://github.com/gustavorobertux/CVE-2024-3094	POC详情
36	None	https://github.com/ackemed/detectar_cve-2024-3094	POC详情
37	XZ Backdoor Extract	https://github.com/0xlane/xz-cve-2024-3094	POC详情
38	None	https://github.com/dah4k/CVE-2024-3094	POC详情
39	Script en bash para revisar si tienes la vulnerabilidad CVE-2024-3094.	https://github.com/hackingetico21/revisaxzutils	POC详情
40	CVE-2024-3094 XZ Backdoor Detector	https://github.com/devjanger/CVE-2024-3094-XZ-Backdoor-Detector	POC详情
41	Detectar CVE-2024-3094	https://github.com/ScrimForever/CVE-2024-3094	POC详情
42	CVE-2024-3094 - Checker (fix for arch etc)	https://github.com/pentestfunctions/CVE-2024-3094	POC详情
43	Dockerfile and Kubernetes manifests for reproduce CVE-2024-3094	https://github.com/r0binak/xzk8s	POC详情
44	apocalypxze: xz backdoor (2024) AKA CVE-2024-3094 related links	https://github.com/przemoc/xz-backdoor-links	POC详情
45	Our current information about the CVE-2024-3094 backdoor.	https://github.com/CyberGuard-Foundation/CVE-2024-3094	POC详情
46	Collection of Detection, Fix, and exploit for CVE-2024-3094	https://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits	POC详情
47	This is a container environment running CVE-2024-3094 sshd backdoor instance, working with https://github.com/amlweems/xzbot project. IT IS NOT Docker, just implemented by chroot.	https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container	POC详情
48	Verify if your installed version of xz-utils is vulnerable to CVE-2024-3094 backdoor	https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check	POC详情
49	The repository consists of a checker file that confirms if your xz version and xz-utils package is vulnerable to CVE-2024-3094.	https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker	POC详情
50	The CVE-2024-3094 Checker is a Bash tool for identifying if Linux systems are at risk from the CVE-2024-3094 flaw in XZ/LZMA utilities. It checks XZ versions, SSHD's LZMA linkage, and scans for specific byte patterns, delivering results in a concise table format.	https://github.com/iheb2b/CVE-2024-3094-Checker	POC详情
51	A tutorial on how to detect the CVE 2024-3094	https://github.com/felipecosta09/cve-2024-3094	POC详情
52	Scans liblzma from xu-utils for backdoor (CVE-2024-3094)	https://github.com/weltregie/liblzma-scan	POC详情
53	Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor)	https://github.com/crfearnworks/ansible-CVE-2024-3094	POC详情
54	A small repo with a single playbook.	https://github.com/robertdebock/ansible-playbook-cve-2024-3094	POC详情
55	An Ansible Role that installs the xz backdoor (CVE-2024-3094) on a Debian host and optionally installs the xzbot tool.	https://github.com/badsectorlabs/ludus_xz_backdoor	POC详情
56	Scan for files containing the signature from the `xz` backdoor (CVE-2024-3094)	https://github.com/Juul/xz-backdoor-scan	POC详情
57	None	https://github.com/drdry2/CVE-2024-3094-EXPLOIT	POC详情
58	La siguiente regla YARA ayuda a detectar la presencia del backdoor en la librería liblzma comprometida en sistemas que utilizan las versiones 5.6.0 y 5.6.1 de la herramienta de compresión XZ.	https://github.com/fevar54/Detectar-Backdoor-en-liblzma-de-XZ-utils-CVE-2024-3094-	POC详情
59	None	https://github.com/AlexDoe11/CVE-2024-3094-EXPLOIT	POC详情
60	XZ Utils CVE-2024-3094 POC for Kubernetes	https://github.com/neuralinhibitor/xzwhy	POC详情
61	Basic POC to test CVE-2024-3094	https://github.com/shefirot/CVE-2024-3094	POC详情
62	SSH EXPLOIT BYPASS AUTH SSH	https://github.com/DANO-AMP/CVE-2024-3094	POC详情
63	GNU IFUNC is the real culprit behind CVE-2024-3094	https://github.com/robertdfrench/ifuncd-up	POC详情
64	Just a script to test if xz is vulnerable to the cve 2024-3094.	https://github.com/yq93dskimzm2/CVE-2024-3094	POC详情
65	Presentazione per il corsi di sicurezza Informatica sulla vulnerabilità CVE-2024-3094	https://github.com/AndreaCicca/Sicurezza-Informatica-Presentazione	POC详情
66	CVE-2024-3094 (XZ Backdoor) Tools	https://github.com/XiaomingX/cve-2024-3094-xz-backdoor-exploit	POC详情
67	Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.	https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2024/CVE-2024-3094.yaml	POC详情
68	CVE-2024-3094 실습 환경 구축 및 보고	https://github.com/been22426/CVE-2024-3094	POC详情
69	Shell scripts to identify and fix installations of xz-utils affected by the CVE-2024-3094 vulnerability. Versions 5.6.0 and 5.6.1 of xz-utils are known to be vulnerable, and this script aids in detecting them and optionally downgrading to a stable, un-compromised version (5.4.6) or upgrading to latest version. Added Ansible Playbook	https://github.com/gensecaihq/CVE-2024-3094-Vulnerability-Checker-Fixer	POC详情
70	Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor)	https://github.com/KaminaDuck/ansible-CVE-2024-3094	POC详情
71	It was determined that malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. # It was determined that only certain operating systems and operating system versions were affected by this vulnerability.	https://github.com/laxmikumari615/Linux---Security---Detect-and-Mitigate-CVE-2024-3094	POC详情
72	A XZ backdoor vulnerability explained in details	https://github.com/valeriot30/cve-2024-3094	POC详情
73	Threat intelligence report analyzing the xz-utils backdoor vulnerability (CVE-2024-3094)	https://github.com/24Owais/threat-intel-cve-2024-3094	POC详情
74	CVE-2024-3094	https://github.com/Dermot-lab/TryHack	POC详情
75	Security analysis project: Real-world CVE breakdown	https://github.com/Ikram124/CVE-2024-3094-analysis	POC详情
76	None	https://github.com/ykhurshudyan-blip/CVE-2024-3094	POC详情
77	CVE-2024-3094 exposed a backdoor in the XZ compression library, allowing remote SSH access by bypassing authentication. It’s a major supply chain attack affecting Linux systems, highlighting risks in trusted open-source components.	https://github.com/mrk336/CVE-2024-3094	POC详情

三、漏洞 CVE-2024-3094 的情报信息

四、漏洞 CVE-2024-3094 的评论

暂无评论

一、 漏洞 CVE-2024-3094 基础信息

漏洞信息

提示

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2024-3094 的公开POC

三、漏洞 CVE-2024-3094 的情报信息

四、漏洞 CVE-2024-3094 的评论

发表评论

一、漏洞 CVE-2024-3094 基础信息