Some good sleuthing and interesting chaining here:
CVE-2024-3094: backdoor in upstream xz/liblzma leading to ssh server compromise
inserted m4 code -> configure script -> injected code into xz -> sshd when compiled with liblzma (e.g., used by systemd, what else)
https://www.openwall.com/lists/oss-security/2024/03/29/4
Jan Schaumann /
npub1kv…medh2
2024-03-29 16:57:42
Author Public Key
npub1kvy8enal7npw9ct28tc53d4r5fl7q7a3ua3gku22z8jlyec37f3snmedh2Published at
2024-03-29 16:57:42Event JSON
{
"id": "20c10cde1ba69e6e3fcd501f58ef552af4ff73b674d19cd9e86df3e2d45fbc57",
"pubkey": "b3087ccfbff4c2e2e16a3af148b6a3a27fe07bb1e7628b714a11e5f26711f263",
"created_at": 1711731462,
"kind": 1,
"tags": [
[
"proxy",
"https://mstdn.social/users/jschauma/statuses/112180033099487815",
"activitypub"
]
],
"content": "Some good sleuthing and interesting chaining here:\n\nCVE-2024-3094: backdoor in upstream xz/liblzma leading to ssh server compromise\n\ninserted m4 code -\u003e configure script -\u003e injected code into xz -\u003e sshd when compiled with liblzma (e.g., used by systemd, what else)\n\nhttps://www.openwall.com/lists/oss-security/2024/03/29/4",
"sig": "e8d8cc25af3c9cd2335e1c860153fc607d4331ef8e655d8e856cd280d991a7512abb60e5af84d012eb89535d0851d1b104c2eff07e635d36fe48f12ef81c90b8"
}