Категории

Unveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCEs

Опубликовано: 31 Март 2024
на канале: Jadi
23,069
574

In the latest liblzma update, a trusted bad actor called 'JiaT75' implemented a backdoor which allows RCE (sending calls to system()) on ssh connections. Here I'm looking into the case and explaining how it works.

Links:
AndresFreundTec on Mastodon: https://mastodon.social/@AndresFreund...
openwall email: https://www.openwall.com/lists/oss-se...
debian repo: https://salsa.debian.org/debian/xz-ut...
Filippo Valsorda on bsky: https://bsky.app/profile/filippo.abys...

Смотрите видео Unveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCEs онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь Jadi 31 Март 2024, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 23,069 раз и оно понравилось 574 людям.

play_arrow
36,409
33

Extreme Mountain Bike Hardcore Urban ChallengeNewcastle

Extreme Mountain Bike Hardcore Urban ChallengeNewcastle
play_arrow
10,925
855

ПРИКЛЮЧЕНИЯ ПОППЕ - игра от наших разработчиков! [Впечатления и ожидания]

ПРИКЛЮЧЕНИЯ ПОППЕ - игра от наших разработчиков! [Впечатления и ожидания]
play_arrow
3,536
5

Тихое место 2 Смотреть онлайн

Тихое место 2 Смотреть онлайн
play_arrow
50,194
1.7 тыс

AUTOMHATE & MAD DUBZ - POPPE

AUTOMHATE & MAD DUBZ - POPPE
play_arrow
41
5

Callback function #2 - Create a simple callback function

Callback function #2 - Create a simple callback function
play_arrow
1,771
19

HTML 5 - Chapter 6 - HTML 5 form attributes (required, pattern, placeholder, Step, Height, Width)

HTML 5 - Chapter 6 - HTML 5 form attributes (required, pattern, placeholder, Step, Height, Width)
play_arrow
430
12

How to download | apply animated cursors in windows 10

How to download | apply animated cursors in windows 10
play_arrow
6,402
246

Automhate x Mad Dubz - Poppe

Automhate x Mad Dubz - Poppe
Похожие видео
play_arrow
Top Algorithm Interview Questions: The Length of the last word

Top Algorithm Interview Questions: The Length of the last word
play_arrow
Top Algorithm Interview Questions Fully Explained: Convert Roman numbers to Int

Top Algorithm Interview Questions Fully Explained: Convert Roman numbers to Int
play_arrow
Top Algorithm Interview Questions Fully Explained: Best time to Buy and Sell Stock

Top Algorithm Interview Questions Fully Explained: Best time to Buy and Sell Stock
play_arrow
Durov is arrested; a reminder for you to export your Telegram data, chats, photos, ...

Durov is arrested; a reminder for you to export your Telegram data, chats, photos, ...
play_arrow
Top Algorithm Interview Questions Fully Explained: Find the Majority Element in a list

Top Algorithm Interview Questions Fully Explained: Find the Majority Element in a list
play_arrow
Top Algorithm Interview Questions Fully Explained; remove duplicates from an array

Top Algorithm Interview Questions Fully Explained; remove duplicates from an array
play_arrow
Top Algorithm Interview Questions Fully Explained: Remove Elements

Top Algorithm Interview Questions Fully Explained: Remove Elements
play_arrow
LLM Programming Made Easy: 20 Min tutorial on starting your local SLM openai compatible project

LLM Programming Made Easy: 20 Min tutorial on starting your local SLM openai compatible project
play_arrow
Top Algorithm Interview Questions Fully Explained; Ransom Notes using hashmaps

Top Algorithm Interview Questions Fully Explained; Ransom Notes using hashmaps
play_arrow
regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems explained

regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems explained
play_arrow
Top Algorithm Interview Questions Fully Explained - Merge Sorted Array; Arrays & 2 Pointers Solution

Top Algorithm Interview Questions Fully Explained - Merge Sorted Array; Arrays & 2 Pointers Solution
play_arrow
Top Algorithm Interview Questions Explained - Valid Parentheses - Stacks, Easy

Top Algorithm Interview Questions Explained - Valid Parentheses - Stacks, Easy
play_arrow
Linux Privilege Escalations; sample of exploit chaining

Linux Privilege Escalations; sample of exploit chaining
play_arrow
Unleash Your Inner Geek: Crafting your own Unix Command! Program your own 'who' and 'users'.

Unleash Your Inner Geek: Crafting your own Unix Command! Program your own 'who' and 'users'.
play_arrow
Installing OpenBSD on Hetzner VMs; a trick to install a new OS on your current VPS

Installing OpenBSD on Hetzner VMs; a trick to install a new OS on your current VPS
play_arrow
A quick look at the rewrite of coreutils with Rust and the history of NetBSD

A quick look at the rewrite of coreutils with Rust and the history of NetBSD
play_arrow
Exploring the 'CON' Folder Mystery in Windows by studying the recently published source code of DOS4

Exploring the 'CON' Folder Mystery in Windows by studying the recently published source code of DOS4
play_arrow
Sending a PR for Rust Coreutils; fixing a bug related to "no pid" when killing a process

Sending a PR for Rust Coreutils; fixing a bug related to "no pid" when killing a process
play_arrow
Reverse Engineering an easy cryptographic algorithm

Reverse Engineering an easy cryptographic algorithm
play_arrow
Coolest easter egg in #gaming history ever; Reversed KarateKa on #Apple II #easteregg #retro

Coolest easter egg in #gaming history ever; Reversed KarateKa on #Apple II #easteregg #retro
play_arrow
River Raid Rust in Terminal: Adding color and text based graphics

River Raid Rust in Terminal: Adding color and text based graphics
play_arrow
Unveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCEs

Unveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCEs
play_arrow
Add the nostalgic IBM M1 #mechanical #keyboard sound to your #linux and #mac

Add the nostalgic IBM M1 #mechanical #keyboard sound to your #linux and #mac
play_arrow
River Raid Rust: merging more PRs and breaking the program into different modules

River Raid Rust: merging more PRs and breaking the program into different modules