关联漏洞
描述
Verify that your XZ Utils version is not vulnerable to CVE-2024-3094
介绍
# CVE-2024-3094-Vulnerabity-Checker
Verify that your XZ Utils version is not vulnerable to CVE-2024-3094
```
┌──(lypd0㉿kali)-[~]
└─$ ./CVE-2024-3094_checker.sh
___ _ _ ____ ___ ___ ___ __ ___ ___ ___ __
/ __)( \/ )( ___)___(__ \ / _ \(__ \ /. | ___(__ ) / _ \ / _ \ /. |
( (__ \ / )__)(___)/ _/( (_) )/ _/(_ _)(___)(_ \( (_) )\_ /(_ _)
\___) \/ (____) (____)\___/(____) (_) (___/ \___/ (_/ (_)
[*] You are NOT vulnerable to CVE-2024-3094.
```
## Background
CISA (Cybersecurity and Infrastructure Security Agency) and the open-source community have responded to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity has been assigned CVE-2024-3094.
XZ Utils is data compression software commonly present in Linux distributions. The presence of malicious code in these versions may allow unauthorized access to affected systems.
## Recommendation
CISA recommends developers and users to take the following actions if their systems are found to be vulnerable:
- **Downgrade XZ Utils**: If you are using version 5.6.0 or 5.6.1, downgrade to an uncompromised version, such as XZ Utils 5.4.6 Stable.
- **Hunt for Malicious Activity**: After downgrading, thoroughly search for any signs of malicious activity within your systems.
- **Report Findings**: If you detect any malicious activity or suspicious behavior, report your findings to CISA for further investigation.
文件快照
[4.0K] /data/pocs/48bff0a000edda8f90fedd58ac1732acfd6271aa
├── [1.2K] CVE-2024-3094_checker.py
├── [ 983] CVE-2024-3094_checker.sh
├── [1.0K] LICENSE
└── [1.4K] README.md
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。