[cfarm-users] CVE-2024-3094 (compromised xz-utils / liblzma)

Baptiste Jonglez baptiste at bitsofnetworks.org
Sat Mar 30 10:49:51 CET 2024


Hello,

As you probably have heard, a seriously compromised version of xz-utils
and liblzma successfully made its way into Debian unstable and testing:

  https://lists.debian.org/debian-security-announce/2024/msg00057.html

  https://www.openwall.com/lists/oss-security/2024/03/29/4

According to our investigation, only a single machine of the cfarm has
been using the compromised packages: cfarm421.

As a remediation, we have updated the xz-utils packages on Fri Mar 29
17:23 UTC and rebooted the host.

Nobody seems to know yet what the malicious payload was doing exactly,
except that it targeted sshd.  If the malicious payload was allowing a
specific SSH key from an attacker, it would have been hard to exploit
because of the custom SSH port on cfarm421 and the relatively short
timespan for exploitation (from 2024-03-18 to 2024-03-29).  We have found
no trace indicating that the system has been compromised.

If you have been connecting over SSH to cfarm421 since it was made
available on the farm, you should be aware that you have connected to a
an sshd daemon that was running a malicious payload.  We should hopefully
learn in the coming days whether this is a serious problem or not.

Regards,
Baptiste, for the cfarm admin team