POC详情: cc87a733248fe5d787506ff10ec7d43dc1c311e0

来源
https://github.com/wgetnz/CVE-2024-3094-check
关联漏洞
标题: xz 安全漏洞 (CVE-2024-3094)
描述:xz是一个应用软件。用于支持读取和写入xz压缩流。 XZ Utils 5.6.0版本和5.6.1版本存在安全漏洞,该漏洞源于允许攻击者嵌入恶意代码。
介绍
# CVE-2024-3094 vul check tools

This vulnerability allows an attacker to log into the server and execute arbitrary code without passing SSH authentication. For details, please see: https://www.openwall.com/lists/oss-security/2024/03/29/4

use
```bash
curl -fsSL https://raw.githubusercontent.com/wgetnz/CVE-2024-3094-check/main/CVE-2024-3094-check.sh| bash
```
OR
```bash
curl -fsSL  https://github.freedns.uk/https://raw.githubusercontent.com/wgetnz/CVE-2024-3094-check/main/CVE-2024-3094-check.sh| bash 
```

If your host is offline, please use the following command

For Debian/Ubuntu:
```bash
apt list --installed 2>&1 | grep xz | grep -E '5.6.0|5.6.1' && echo "Check your system now" || echo "Everything is ok"
```

For macOS:
```bash
brew info xz | grep xz | grep -E '5.6.0|5.6.1' && echo 'Check your system now' || echo 'Everything is ok'
```

How to fix:
Just downgrade xz-utils

macOS fix:
brew install xz

If you have any questions, please issue, If this project helps you, please give me a star
文件快照

 [4.0K]  /data/pocs/cc87a733248fe5d787506ff10ec7d43dc1c311e0
├── [ 954]  CVE-2024-3094-check.sh
└── [1007]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。