POC详情: 2446f2400044169b761144a3c536cc41d761dfd0

来源
https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check
关联漏洞
标题: xz 安全漏洞 (CVE-2024-3094)
描述:xz是一个应用软件。用于支持读取和写入xz压缩流。 XZ Utils 5.6.0版本和5.6.1版本存在安全漏洞,该漏洞源于允许攻击者嵌入恶意代码。
描述
Verify if your installed version of xz-utils is vulnerable to CVE-2024-3094 backdoor
介绍
# xz-backdoor-CVE-2024-3094-Check
Verify if your installed version of xz-utils is vulnerable to CVE-2024-3094 backdoor. This check is for Kali Linux or other Debian based installs.

## Usage
```
git https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check.git
cd xz-backdoor-CVE-2024-3094-Check
chmod +x check_xz_utils_CVE-2024-3094.sh
./check_xz_utils_CVE-2024-3094.sh
```
![exampleTest_xz-backdoor](https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check/assets/10534659/0adb1418-3844-4540-9382-9937a5c51d52)


## References
https://www.kali.org/blog/about-the-xz-backdoor/ <br><br>
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27<br><br>
https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/

## CVE Overview
![overview](https://cdn.arstechnica.net/wp-content/uploads/2024/04/xz-backdoor-graphic-thomas-roccia-scaled.jpg)
文件快照

 [4.0K]  /data/pocs/2446f2400044169b761144a3c536cc41d761dfd0
├── [ 662]  check_xz_utils_CVE-2024-3094.sh
└── [ 912]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。