underisk [none/use name] to technology • 9 months agoAnalysis of bash-stage obfuscation used to hide the liblzma/xz backdoorexternal-linkmessage-square2 fedilinkarrow-up113file-text
arrow-up113external-linkAnalysis of bash-stage obfuscation used to hide the liblzma/xz backdoorunderisk [none/use name] to technology • 9 months agomessage-square2 Commentsfedilinkfile-text
payload appears to have been hidden in test data then decrypted and injected during the build process.
minus-squareaddie@feddit.ukhexbear3·9 months agoOkay - so it was cleverly hidden. Real question is what the binary blob does, so we can properly assess the damage... linkfedilink
minus-squareunderisk [none/use name]hexagonhexbear2·9 months agoPreliminary stuff I read yesterday suggests that it’s RCE triggered by a signal sent to SSHD. Safest bet is to nuke your system if you had the exploitable library running with an exposed sshd. link
Okay - so it was cleverly hidden. Real question is what the binary blob does, so we can properly assess the damage...
Preliminary stuff I read yesterday suggests that it’s RCE triggered by a signal sent to SSHD. Safest bet is to nuke your system if you had the exploitable library running with an exposed sshd.