A Supply Chain Attack on Major Linux Distributions Discovered by Microsoft Engineer
In a recent development, major Linux distributions have been impacted by a supply chain attack involving the XZ Utils data compression library. The backdoor was discovered by a Microsoft software engineer in version 5.6.0, which was released in February 2024.
Shortly after the discovery, version 5.6.1 was released with revised malicious code that intercepts and alters data passing through the library. Red Hat tracks the issue as CVE-2024-3094 and has assigned it the maximum CVSS score of 10/10.
The potential impact of this attack is severe, as the backdoor could let attackers break sshd authentication and gain access to affected systems. Affected Linux distributions include Fedora, openSUSE, Kali Linux, and Arch Linux. Debian and Ubuntu stable releases are not affected, and Amazon Linux, Alpine Linux, Gentoo Linux, and Linux Mint are likewise reported as unaffected.
To help with detection, Binarly has released a free backdoor detector, XZ.fail, that identifies the malicious code. Security researchers have also published a script that scans systems for the backdoored library.
In response to the attack, the US cybersecurity agency CISA has advised users to downgrade XZ Utils to a clean version and check their systems for signs of malicious activity. This incident is a reminder to stay vigilant against supply chain attacks and to keep software updated so that systems remain secure.
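As an added illustration of the version check described above (this is not Binarly's XZ.fail or the researchers' script), the following POSIX shell snippet flags the two affected release strings, both from `xz --version` and from the liblzma that the installed sshd resolves to; it assumes `grep`, `awk`, `ldd` and `readlink -f` are available when run on a live system.

```shell
#!/bin/sh
# Added example (not Binarly's XZ.fail or the researchers' script): flag the two
# xz-utils releases named in CVE-2024-3094 on the local system.
# Assumes POSIX sh plus grep, awk, ldd and readlink -f when run for real.

# Print the first X.Y.Z version token found in a string, or nothing.
xz_version_of() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Return 0 when the string names an affected release (5.6.0 or 5.6.1), else 1.
xz_version_vulnerable() {
    case "$(xz_version_of "$1")" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the resolved liblzma path an ELF binary links (transitively), or nothing.
liblzma_linked_by() {
    lib=$(ldd "$1" 2>/dev/null | awk '/liblzma/ { print $3; exit }')
    [ -n "$lib" ] && readlink -f "$lib"
}

# Check both the xz tool and the liblzma that sshd resolves to.
# Returns 0 when nothing affected was found, 1 otherwise.
scan_system() {
    status=0
    if command -v xz >/dev/null 2>&1; then
        ver=$(xz --version 2>/dev/null | head -n 1)
        if xz_version_vulnerable "$ver"; then
            echo "AFFECTED: $ver"; status=1
        else
            echo "ok: xz reports '${ver:-unknown}'"
        fi
    fi
    sshd=$(command -v sshd 2>/dev/null || true)
    if [ -n "$sshd" ]; then
        lib=$(liblzma_linked_by "$sshd" || true)
        if [ -n "$lib" ] && xz_version_vulnerable "$lib"; then
            echo "AFFECTED: $sshd links $lib"; status=1
        else
            echo "ok: $sshd links '${lib:-no liblzma}'"
        fi
    fi
    return "$status"
}
```

Run `scan_system` as root on the host in question; a non-zero exit means one of the two affected version strings was found and the downgrade CISA recommends is due.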