来源

关联漏洞

描述

History of commits related to the xz backdoor Discovered On March 29, 2024: CVE-2024-3094.

介绍

# xz-backdoor-github
History of commits related to the xz backdoor Discovered On March 29, 2024: CVE-2024-3094.
Currently GitHub has taken down the repos for ToS violations. The purpose of this is to
faciliate security research of how this backdoor was snuck in over the course of 2 years of active contributions
and to search for other possible issues.
For background see: https://www.openwall.com/lists/oss-security/2024/03/29/4

## Datasets
Using ClickHouse's database of all repo events across GitHub ever, I created three datasets
of github events: the suspect users contributions, and one of all events in their shared project repo
that actually hosted the compromised releases.

Datasets are CSV files with a header row and a data type row, following
ClickHouse's [CSVWithNamesAndTypes](https://clickhouse.com/docs/en/interfaces/formats#csvwithnamesandtypes)
Format.

### Contributions: JiaT75

Contributions by prime sispect user JiaT75 (Jia Tan). 

File:
`jiaty75_github.csv`

### Tuukani-project Repos

GitHub events (commits, comments, etc.) from https://github.com/tukaani-project
filted to before discovery (as there are a lot of unserious comments/events after discovery)
file_time <= '2024-03-29 15:59:59'

File:
`tuukani_project_before_discovery.csv`

### Contributions: Larhzu

Suspect user Larhzu (Lasse Collins i.e. Lars Collins, Lasse being a nickname for Lars in Scandinavia)
was also suspended by GitHub and is the only other owner on the compromised project.

File:
`larhzu_github.csv`

文件快照

 [4.0K]  /data/pocs/58a19e51f4943dc8c4f5086dd1a76d8e2a4bba5d
├── [919K]  jiat75_github.csv
├── [470K]  larhzu_github.csv
├── [ 11K]  LICENSE
├── [4.0K]  out
│   ├── [ 38K]  jiat75_github.pdf
│   └── [ 33K]  larhzu_github.pdf
├── [1.7K]  plot.py
├── [1.5K]  README.md
└── [1.1M]  tukaani_project_before_discovery.csv

1 directory, 8 files

备注