The Technology section is published with the support of Favbet Tech
A backdoor has been discovered in xz Utils, a popular package for lossless data compression and for working with the .xz format. A backdoor is a method of bypassing standard authentication procedures that allows unauthorized remote access to a computer.
On Friday, users were called on to immediately stop using Fedora 41 with xz Utils version 5.6.0 and Fedora Rawhide with version 5.6.0 or 5.6.1.
There are suspicions regarding other distributions. However, there is no confirmation at this time.
Ars Technica reported the details of the incident.
xz Utils
XZ Utils is a set of free data compression programs. It is available in every Linux distribution and in other Unix-like operating systems.
xz Utils provides the compression and decompression functions that many kinds of operations depend on.
What happened?
The problem was first noticed by developer Andres Freund, who works on Microsoft's PostgreSQL offerings. He had recently been investigating performance problems with SSH, the most common protocol for remotely logging into devices over the Internet, on a Debian system.
In particular, logging in via SSH consumed an unusual amount of CPU time and produced errors in valgrind, a memory-monitoring utility.
He eventually traced the problems to updates of xz Utils. He then officially reported to the Open Source Security mailing list that the updates were the result of someone intentionally planting a backdoor in XZ Utils.
What does the backdoor do?
Malicious code added to xz Utils versions 5.6.0 and 5.6.1 changed how the software behaves during its operations.
When these functions were used by SSH, they allowed malicious code to be executed with root privileges. The backdoor lets anyone holding a predetermined encryption key log into a backdoored system via SSH.
This way the individual would have the same level of control as any authorized administrator.
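The article names two xz Utils releases, 5.6.0 and 5.6.1, as carrying the backdoor. The following shell snippet is an added example, not code from the article or from the xz project: it parses the first line of `xz --version` (the `xz (XZ Utils) X.Y.Z` format the xz binary prints) and flags a host whose installed release is on that list. The affected-version list is taken from the article and is an assumption, not an exhaustive advisory database.

```shell
# Added example: flag the xz Utils releases the article names as backdoored.
# AFFECTED_XZ_VERSIONS is an assumption taken from the article (5.6.0, 5.6.1).
AFFECTED_XZ_VERSIONS="5.6.0 5.6.1"

# Extract the X.Y.Z release number from the first line of `xz --version`.
# Example: xz_version_number "xz (XZ Utils) 5.6.1" prints 5.6.1
xz_version_number() {
    printf '%s\n' "$1" | sed -n 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 (true) when the given `xz --version` line names an affected release,
# 1 otherwise (including when the line cannot be parsed).
xz_version_affected() {
    ver=$(xz_version_number "$1")
    [ -n "$ver" ] || return 1
    for bad in $AFFECTED_XZ_VERSIONS; do
        if [ "$ver" = "$bad" ]; then
            return 0
        fi
    done
    return 1
}

# Check the xz binary installed on this host, if any.
# Exit status: 0 = affected release found, 1 = not on the list, 2 = xz absent.
check_local_xz() {
    if ! command -v xz >/dev/null 2>&1; then
        echo "xz not installed"
        return 2
    fi
    line=$(xz --version 2>/dev/null | head -n 1)
    if xz_version_affected "$line"; then
        echo "AFFECTED: $line"
        return 0
    fi
    echo "not in affected list: $line"
    return 1
}
```

Run `check_local_xz` on each host to be triaged. The version string is a coarse signal only: distribution packagers may ship rebuilt packages that keep the same upstream version number while reverting the malicious changes, so a match should be confirmed against the distribution's own package changelog rather than treated as final on its own.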
The backdoor was years in the making
Experts noted that building the backdoor took more than a year.
In 2021, the user JiaT575 made his first contribution to an open source project.
In retrospect, his change to the libarchive project looks suspicious: it replaced the safe_fprint function with a variant that had long been considered less secure. No one noticed at the time.
The following year, JiaT575 submitted a fix to the xz Utils mailing list, and almost immediately a previously unknown participant joined the discussion, complaining that xz Utils developer Lasse Collin had not updated the software for a long time.
This pressure led to JiaT575 being added to the project.
In January 2023 he took part in development for the first time, and in the months that followed he allegedly became more and more involved in the process.
- JiaT575 replaced Collin's contact information with his own in Microsoft's oss-fuzz, a project that scans open source software for signs of malicious intent.
- He also made sure the ifunc feature was disabled during testing, which allowed the scanning system to overlook the changes he had made.
- In February 2024, JiaT575 issued the commits for xz Utils versions 5.6.0 and 5.6.1. These updates implemented the backdoor.
In the following weeks, Tan and others urged the Ubuntu, Red Hat and Debian developers to include the updates in their system releases, some of which were due to ship soon.
The backdoor is implemented as a five-stage loader that uses a number of simple but clever techniques to hide itself. It also provides a way to deliver new payloads without requiring major changes.