XZ Utils Backdoor (CVE-2024-3094) : κ°μΈ λ ΈνΈ
Tech Worldλ XZ Utils λΌμ΄λΈλ¬λ¦¬μμ μ¨κ²¨μ§ λ°±λμ΄λ₯Ό λ°κ²¬νλ©΄μ ν₯λ―Έλ₯Ό λͺ¨μΌκ³ μμ΅λλ€. μ΄ λ°±λμ΄λ SSH RSA ν€μ μνΈ ν΄λ 곡μ μ μ‘°μνμ¬ κ³΅κ²©μκ° μμ€ν μ μμμ μ½λλ₯Ό μ€νν μ μκ² ν©λλ€. XZ Utils λ²μ 5.6.0 λ° 5.6.1μμ λ¬Έμ κ° λ°κ²¬λμμΌλ©°, μ½ ν λ¬ λμ μνλμμ΅λλ€.
XZ Utils Backdoor (CVE-2024-3094): Personal Notes
Tech World is interested in discovering hidden backdoores in the XZ UTILS library.This backdoor manipulates the password detoxification process of the SSH RSA key, allowing the attacker to run any code on the system.Problems were found in the XZ UTILS version 5.6.0 and 5.6.1 and circulated for about a month.
https://marcoramilli.com/2024/04/03/xz-utils-backdoor-cve-2024-3094-personal-notes/