Sujet : Re: Check If Your Distro Is Vulnerable To XZ Backdoor
De : candycanearter07 (at) *nospam* candycanearter07.nomail.afraid (candycanearter07)
Groupes : comp.os.linux.advocacyDate : 03. Apr 2024, 16:40:09
Autres entêtes
Organisation : the-candyden-of-code
Message-ID : <uujpo9$3vqgf$1@dont-email.me>
References : 1 2
User-Agent : slrn/pre1.0.4-9 (Linux)
Physfitfreak <
physfitfreak@gmail.com> wrote at 00:56 this Wednesday (GMT):
On 3/31/24 08:01, Farley Flud wrote:
Run this command to check if liblzma is linked to ssh:
ldd "$(command -v sshd)"
For example, on Gentoo (the best distro) I get:
linux-vdso.so.1 (0x00007ffff7fcb000)
libcrypt.so.2 => /usr/lib64/libcrypt.so.2 (0x00007ffff7f6e000)
libcrypto.so.3 => /usr/lib64/libcrypto.so.3 (0x00007ffff7a00000)
libz.so.1 => /usr/lib64/libz.so.1 (0x00007ffff7f54000)
libc.so.6 => /lib64/libc.so.6 (0x00007ffff783c000)
/lib64/ld-linux-x86-64.so.2 (0x00007ffff7fcc000)
Nope. There ain't no linking to liblzma, thus Gentoo is NOT affected
regardless of what version of xz-utils is installed.
Systemd is ultimately responsible and more and more hackers will be
looking for more and better ways of exploiting that 3 million loc
pile of junk.
Don't say we didn't tell you so.
To save your systems, downgrade xz-utils AND eliminate systemd.
>
What version of xz-utils is vulnerable?
5.6.0 and 5.6.1
-- user <candycane> is generated from /dev/urandom