Linux Library XZ Vulnerability Scanner!

11 months ago
April 4, 2024
2 comments
59 views

+20

coolsport00
Veeam Legend
4139 comments

This past week, @JMeixner posted about the Linux XZ Vulnerability (CVE-2024-3094). You can read a bit more about it below:

Severe vulnarabiity in Linux library xz

A firmware security firm, Binarly, has since created a FREE online “scanner” to detect Linux executables impacted by the XZ Utils supply chain attack. You can read more details about the logic behind the scanner as well as download links from the article below:

https://www.bleepingcomputer.com/news/security/new-xz-backdoor-scanner-detects-implant-in-any-linux-binary/

Best.

+21

Chris.Childerhose
Veeam Legend, Veeam Vanguard
8492 comments
11 months ago
April 4, 2024

That was quite the vulnerability and great to see someone coming up with something like this to scan for it. Going to check it out and pass it along.

+8

dloseke
Veeam Vanguard
1447 comments
11 months ago
April 4, 2024

My understanding is that most people will not yet be on this version of XZ Utils. Indeed, my machines were much older. I used the below command to grab the version from my Ubuntu boxes as referenced here. Great to find a scanning tool as well...thanks for sharing Shane!

dpkg-query -l '*xz*'

Comment

Related topics

[SDK] [iOS] [Swift] [Crash] Intercom 13 and 14 crashesicon

The iOS intercom SDK (14.0.6) crashes whenever I try to present it using default present() method or present(.home) method. If I use present(.messages) it works fine. Previous versions of Intercom worked fine. Is this a known issue?icon

App crashes on user entering Intercom interface (iOS 17)icon

Crash on iOS 17 when opening a post from a push notification (Intercom version 17.0.0)icon

Intercom iOS SDK (14.0.6) crashicon

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded