EddieOz on Nostr: There's a very critical vulnerability going around that has installed backdoors on ...
There's a very critical vulnerability going around that has installed backdoors on SSH servers.
If you have servers or systems on Linux, check if you're affected by running the command:
```$ hexdump -ve '1/1 "%.2x"' "/lib/x86_64-linux-gnu/liblzma.so.5" | grep -q f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410```
(extracted from `detect.sh` provided by Andres Freund)
Kali and Fedora are generally affected. Debian and Ubuntu seem to be vulnerable only if dev/test repositories have been enabled.
More info here:
https://boehs.org/node/everything-i-know-about-the-xz-backdoorhttps://www.openwall.com/lists/oss-security/2024/03/29/4Published at
2024-03-30 13:02:51Event JSON
{
"id": "0aed1b783782542ea11b6fc90d24efcc5d0585a756d8c80e8d14d8731ac11bfa",
"pubkey": "eac630759e313832c4d0113b9e1082279fb0efa6a9ce81cda9e8a366b4988b48",
"created_at": 1711803771,
"kind": 1,
"tags": [
[
"nonce",
"18",
"4"
]
],
"content": "There's a very critical vulnerability going around that has installed backdoors on SSH servers.\n\nIf you have servers or systems on Linux, check if you're affected by running the command:\n```$ hexdump -ve '1/1 \"%.2x\"' \"/lib/x86_64-linux-gnu/liblzma.so.5\" | grep -q f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410```\n(extracted from `detect.sh` provided by Andres Freund)\n\nKali and Fedora are generally affected. Debian and Ubuntu seem to be vulnerable only if dev/test repositories have been enabled.\n\nMore info here: \nhttps://boehs.org/node/everything-i-know-about-the-xz-backdoor\nhttps://www.openwall.com/lists/oss-security/2024/03/29/4",
"sig": "ab2808cb16fe334430b2450116e274d630483809711eb1f8bd4164d21f96b39d747b88d53ff21ca548bd02a45705369500c2460f58de0f2229a575298c48d94d"
}