XZ Utils vulnerability

By 2 April 2024 CERT, SOC, Vulnerability

This live blog contains information regarding an XZ Utils vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Last updated on April 2, 2024.

Andres Freund has discovered a vulnerability in the XZ libraries (versions 5.6.0 and 5.6.1). The vulnerability in liblzma allows access to systems running SSHD. To gain access, a specific key must be used, and the SSHD environment must be accessible from the public web. An unauthorized attacker can exploit this vulnerability to create a new administrator account and/or initiate remote code execution, with all the associated risks.

Background

The Dutch National Cyber Security Centre (NCSC) has classified this vulnerability as ‘High/High’. The CVE-2024-3094 vulnerability has been rated with a score of 10. This indicates a high risk of abuse and serious impact.

Potential Risk

The vulnerability concerns XZ Utils 5.6.0 and 5.6.1. It allows an attacker to create a new administrator account and execute arbitrary code.

Vulnerable:

  1. Kali Linux: Only versions between March 26 and March 29 are affected.
  2. openSUSE Tumbleweed and openSUSE MicroOS: Available from March 7 to March 28.
  3. Fedora 41, Fedora Rawhide, and Fedora Linux 40 beta.
  4. Debian: Only the testing, unstable, and experimental distributions.

Safe:

  1. Red Hat Enterprise Linux (RHEL)
  2. SUSE Linux Enterprise
  3. openSUSE Leap
  4. Debian Stable

Advice

Use the command xz --version to check the version. Users of XZ Utils 5.6.0 and 5.6.1 are strongly advised to downgrade to version 5.4.6 as soon as possible. If the system was vulnerable and connected to the public internet with OpenSSH, it is recommended to check whether the system has been attacked.
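One way to script this version check, as an added example that is not part of the original post: it parses both lines that xz --version prints and flags the host if either the xz binary or liblzma reports 5.6.0 or 5.6.1. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `xz --version` output against the affected
# releases named in this advisory (5.6.0 and 5.6.1).

# Constructed sample outputs in the two-line format `xz --version` prints.
SAMPLE_AFFECTED='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_DOWNGRADED='xz (XZ Utils) 5.4.6
liblzma 5.4.6'
# Binary and library can differ; the vulnerable code is in liblzma.
SAMPLE_MISMATCH='xz (XZ Utils) 5.4.6
liblzma 5.6.0'

# Read `xz --version` text on stdin, print every version number it reports.
extract_versions() {
    sed -n -e 's/^xz (XZ Utils) \([0-9][0-9A-Za-z.]*\).*/\1/p' \
           -e 's/^liblzma \([0-9][0-9A-Za-z.]*\).*/\1/p'
}

# Print AFFECTED if any reported component is 5.6.0 or 5.6.1,
# OK if versions were parsed and none match, UNKNOWN if nothing parsed.
classify_xz() {
    versions=$(printf '%s\n' "$1" | extract_versions)
    if [ -z "$versions" ]; then
        echo UNKNOWN
        return 0
    fi
    for v in $versions; do
        case "$v" in
            5.6.0|5.6.1) echo AFFECTED; return 0 ;;
        esac
    done
    echo OK
}

# Demonstrate on the constructed samples.
echo "sample 5.6.1:    $(classify_xz "$SAMPLE_AFFECTED")"
echo "sample 5.4.6:    $(classify_xz "$SAMPLE_DOWNGRADED")"
echo "sample mismatch: $(classify_xz "$SAMPLE_MISMATCH")"

# Check the local host, if xz is installed.
if command -v xz >/dev/null 2>&1; then
    echo "this host:       $(classify_xz "$(xz --version 2>/dev/null)")"
else
    echo "this host:       xz not found in PATH"
fi
```

An UNKNOWN result means the output did not match the expected format and the host should be checked by hand.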
