Backdoor discovered in the XZ utility affecting several Linux distros

A backdoor affecting Linux

News recently broke that a backdoor had been discovered in the XZ Utils package, one that allows attackers to intercept and modify data processed by applications linked against the liblzma library. The main vulnerability (already catalogued as CVE-2024-3094) lies in the OpenSSH server, which in some distributions uses the libsystemd library, which in turn depends on liblzma. When sshd is linked against a vulnerable version of liblzma, attackers can access the SSH server without authentication.

The backdoor in the XZ Utils project was discovered after problems were noticed such as excessive CPU usage and errors reported by valgrind when connecting over SSH to Debian sid based systems. These problems prompted a deeper investigation, which revealed the presence of the backdoor.

The alleged author of the backdoor, Jia Tan, was an active and respected developer on the xz project, holding "co-maintainer" status for several years and making significant contributions to the development of several versions. Besides the xz project, he also contributed to other related packages such as xz-java and xz-embedded. He had recently been added to the maintainers of the XZ Embedded project used in the Linux kernel.

The malicious change was discovered after complaints about problems with xz version 5.6.0, which included the backdoor, such as slowdowns and sshd crashes. The following version, xz 5.6.1, included changes prepared by Jia Tan in response to these complaints, which may have been a way of covering up the presence of the backdoor.

Furthermore, it is reported that last year Jia Tan made changes that were incompatible with the "-fsanitize=address" checking mode, which led to fuzz testing being disabled at that time. These details suggest that the introduction of the backdoor was a planned and concealed action within the project's development, which may have compromised an unknown number of users and projects that use XZ Utils.

Although this vulnerability affects x86_64 systems based on the Linux kernel and the Glibc C library that include sshd with libsystemd to support the sd_notify mechanism, several factors reduced its impact. For example, the version of liblzma with the backdoor was not included in the stable releases of the major distributions, and some distributions such as Arch Linux and Gentoo used a vulnerable version of xz but are not susceptible to the attack because of certain configurations.

It is reported that the activation of the backdoor was hidden in m4 macros in the build-to-host.m4 file, which is used during the build, allowing malicious code to be inserted into the liblzma library. This malicious code modified the operating logic of some functions in the library, facilitating unauthorized access to the SSH server on affected systems.

Implementing the backdoor in the XZ Utils package involved several steps and techniques to hide its presence and activation. m4 macros in the build-to-host.m4 file were used during the build to introduce the malicious code into the liblzma library. These macros were present in the release tar files, but not in the Git repository, and were added to .gitignore. In addition, malicious test files were included in the repository, which suggests privileged access to the release generation process.
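The tarball-versus-repository gap described above can be checked mechanically. The following is an added example, not code from the xz project or the original article: it lists files that ship in a release tarball but are not tracked in Git and separates the ones a build actually uses. The function names, file-type lists and sample data are assumptions made for illustration, and because autotools tarballs legitimately contain generated files, the output is a list of files to review, not a verdict.

```python
import io
import tarfile
from pathlib import PurePosixPath

# File types that ./configure and make expand or execute during a build.
BUILD_SUFFIXES = {".m4", ".sh", ".ac", ".am", ".in"}
BUILD_NAMES = {"configure", "Makefile"}

def tarball_members(tar_bytes):
    """Regular files in a release tarball, with the top-level directory stripped."""
    paths = set()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            parts = PurePosixPath(member.name).parts[1:]  # drop "pkg-x.y/"
            if member.isfile() and parts:
                paths.add(str(PurePosixPath(*parts)))
    return paths

def untracked_build_inputs(tar_bytes, git_tracked):
    """Split tarball-only files into (build inputs, everything else)."""
    build, other = [], []
    for path in sorted(tarball_members(tar_bytes) - set(git_tracked)):
        p = PurePosixPath(path)
        is_build = p.suffix in BUILD_SUFFIXES or p.name in BUILD_NAMES
        (build if is_build else other).append(path)
    return build, other

def make_sample_tarball(files):
    """Build an in-memory .tar.gz under 'demo-1.0/' (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(name="demo-1.0/" + path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

# Constructed sample, not the real xz release: paths as `git ls-files` would list them.
SAMPLE_GIT_TRACKED = ["configure.ac", "src/lib.c", "m4/visibility.m4"]
SAMPLE_TARBALL = make_sample_tarball({
    "configure.ac": b"AC_INIT\n", "src/lib.c": b"int f(void);\n",
    "m4/visibility.m4": b"dnl tracked\n", "m4/build-to-host.m4": b"dnl tarball only\n",
    "configure": b"#!/bin/sh\n", "ChangeLog": b"generated\n",
})

if __name__ == "__main__":
    build, other = untracked_build_inputs(SAMPLE_TARBALL, SAMPLE_GIT_TRACKED)
    print("review first (used at build time):", build)
    print("other tarball-only files:", other)
```

Against a real project, pass the bytes of the downloaded release archive and the output of `git ls-files` taken at the matching release tag.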

The backdoor was activated when the /usr/sbin/sshd command was executed, and it stayed hidden in non-debugged or production environments, avoiding detection on terminals. The RSA_public_decrypt function was spoofed to bypass the sshd authentication process, allowing attackers to gain unauthorized access to the SSH server.

To further hide the presence of the backdoor, mechanisms to protect it against detection were included, and it checked whether it was being executed in a debugging environment. All of this shows an advanced level of planning and technical knowledge on the part of those responsible for the backdoor, aimed at evading detection and carrying out successful attacks on affected systems.

If you want to learn more about it, you can consult the details at the following link.

