Categories

Unveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCEs

Published: 31 March 2024
on channel: Jadi
23,069
574

In the latest liblzma update, a trusted bad actor called 'JiaT75' implemented a backdoor which allows RCE (sending calls to system()) on ssh connections. Here I'm looking into the case and explaining how it works.

Links:
AndresFreundTec on Mastodon: https://mastodon.social/@AndresFreund...
openwall email: https://www.openwall.com/lists/oss-se...
debian repo: https://salsa.debian.org/debian/xz-ut...
Filippo Valsorda on bsky: https://bsky.app/profile/filippo.abys...

Watch video Unveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCEs online without registration, duration hours minute second in high quality. This video was added by user Jadi 31 March 2024, don't forget to share it with your friends and acquaintances, it has been viewed on our site 23,069 once and liked it 574 people.

play_arrow
1,629
32

ЛУЧШИЕ ТРИЛЛЕРЫ 2020 ГОДА | ТОП 11 | ИТОГ 2020 ГОДА!

ЛУЧШИЕ ТРИЛЛЕРЫ 2020 ГОДА | ТОП 11 | ИТОГ 2020 ГОДА!
play_arrow
61
1

ОБЗОР ПОРТНОВСКИХ КОЛОДОК!!!

ОБЗОР ПОРТНОВСКИХ КОЛОДОК!!!
play_arrow
2,382
47

Can God forgive the Devil?

Can God forgive the Devil?
play_arrow
3,889,228
34K

White Lies - Tokyo (Official Video)

White Lies - Tokyo (Official Video)
play_arrow
2,101
like

★ Brain chip tuning KIA Optima and Magentis ➤ ECU Delphi MT-38 from Adact

★ Brain chip tuning KIA Optima and Magentis ➤ ECU Delphi MT-38 from Adact
play_arrow
442
11

I Build Perfect 0,1% Secret Igris In Roblox Anime Defenders!

I Build Perfect 0,1% Secret Igris In Roblox Anime Defenders!
play_arrow
119,119
2.8K

أين الهلال الأحمر الجزائري؟ .. نوميديا لزول تتحدث عن حملة التبرعات التي وصلت لرقم 500.000 يورو

أين الهلال الأحمر الجزائري؟ .. نوميديا لزول تتحدث عن حملة التبرعات التي وصلت لرقم 500.000 يورو
play_arrow
8,308
38

Chris Brown - Dont Wake Me Up Ft. Benny Benassi ACAPELLA

Chris Brown - Dont Wake Me Up Ft. Benny Benassi ACAPELLA
Related
play_arrow
Top Algorithm Interview Questions: The Length of the last word

Top Algorithm Interview Questions: The Length of the last word
play_arrow
Top Algorithm Interview Questions Fully Explained: Convert Roman numbers to Int

Top Algorithm Interview Questions Fully Explained: Convert Roman numbers to Int
play_arrow
Top Algorithm Interview Questions Fully Explained: Best time to Buy and Sell Stock

Top Algorithm Interview Questions Fully Explained: Best time to Buy and Sell Stock
play_arrow
Durov is arrested; a reminder for you to export your Telegram data, chats, photos, ...

Durov is arrested; a reminder for you to export your Telegram data, chats, photos, ...
play_arrow
Top Algorithm Interview Questions Fully Explained: Find the Majority Element in a list

Top Algorithm Interview Questions Fully Explained: Find the Majority Element in a list
play_arrow
Top Algorithm Interview Questions Fully Explained; remove duplicates from an array

Top Algorithm Interview Questions Fully Explained; remove duplicates from an array
play_arrow
Top Algorithm Interview Questions Fully Explained: Remove Elements

Top Algorithm Interview Questions Fully Explained: Remove Elements
play_arrow
LLM Programming Made Easy: 20 Min tutorial on starting your local SLM openai compatible project

LLM Programming Made Easy: 20 Min tutorial on starting your local SLM openai compatible project
play_arrow
Top Algorithm Interview Questions Fully Explained; Ransom Notes using hashmaps

Top Algorithm Interview Questions Fully Explained; Ransom Notes using hashmaps
play_arrow
regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems explained

regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems explained
play_arrow
Top Algorithm Interview Questions Fully Explained - Merge Sorted Array; Arrays & 2 Pointers Solution

Top Algorithm Interview Questions Fully Explained - Merge Sorted Array; Arrays & 2 Pointers Solution
play_arrow
Top Algorithm Interview Questions Explained - Valid Parentheses - Stacks, Easy

Top Algorithm Interview Questions Explained - Valid Parentheses - Stacks, Easy
play_arrow
Linux Privilege Escalations; sample of exploit chaining

Linux Privilege Escalations; sample of exploit chaining
play_arrow
Unleash Your Inner Geek: Crafting your own Unix Command! Program your own 'who' and 'users'.

Unleash Your Inner Geek: Crafting your own Unix Command! Program your own 'who' and 'users'.
play_arrow
Installing OpenBSD on Hetzner VMs; a trick to install a new OS on your current VPS

Installing OpenBSD on Hetzner VMs; a trick to install a new OS on your current VPS
play_arrow
A quick look at the rewrite of coreutils with Rust and the history of NetBSD

A quick look at the rewrite of coreutils with Rust and the history of NetBSD
play_arrow
Exploring the 'CON' Folder Mystery in Windows by studying the recently published source code of DOS4

Exploring the 'CON' Folder Mystery in Windows by studying the recently published source code of DOS4
play_arrow
Sending a PR for Rust Coreutils; fixing a bug related to "no pid" when killing a process

Sending a PR for Rust Coreutils; fixing a bug related to "no pid" when killing a process
play_arrow
Reverse Engineering an easy cryptographic algorithm

Reverse Engineering an easy cryptographic algorithm
play_arrow
Coolest easter egg in #gaming history ever; Reversed KarateKa on #Apple II #easteregg #retro

Coolest easter egg in #gaming history ever; Reversed KarateKa on #Apple II #easteregg #retro
play_arrow
River Raid Rust in Terminal: Adding color and text based graphics

River Raid Rust in Terminal: Adding color and text based graphics
play_arrow
Unveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCEs

Unveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCEs
play_arrow
Add the nostalgic IBM M1 #mechanical #keyboard sound to your #linux and #mac

Add the nostalgic IBM M1 #mechanical #keyboard sound to your #linux and #mac
play_arrow
River Raid Rust: merging more PRs and breaking the program into different modules

River Raid Rust: merging more PRs and breaking the program into different modules