A backdoor has been discovered affecting SSH server deployments. While most people this should not be an issue, and will only affect very bleeding edge installations, it is important to verify you are not vulnerable.
SSH Is the defacto standard for remote access on Linux and is commonly accepted as a safe port to leave exposed on servers hosted on the Internet. Although you should do so using SSH Keys and not just passwords.
The root of the problem (pun intended) is a backdoored library (XZ) that is used by SSH server. This vulnerability has been assigned CVE-2024-3094.
Simply do sudo apt list --installed | grep xz
This should return a result like this:
xz-utils/pikauwu,now 5.4.1-0.2 amd64 [installed,automatic]
If you see version 5.6.x, you are running a vulnerable version of XZ and you should downgrade immediately to 5.4 or 5.5. Fedora just downgraded all their releases to 5.4 and most people will likely be running 5.4.
Here's a trick if you use ansible, you can check all Linux hosts in your inventory using the shell module.
ansible linux -m shell -a "apt list --installed | grep xz" -K
This will run an adhoc shell on all your linux machines in your inventory and will result in an output like this:
witness07 | CHANGED | rc=0 >>
xz-utils/jammy,now 5.2.5-2ubuntu1 amd64 [installed,automatic]
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
witness03 | CHANGED | rc=0 >>
xz-utils/jammy,now 5.2.5-2ubuntu1 amd64 [installed,automatic]
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
docka | CHANGED | rc=0 >>
xz-utils/jammy,now 5.2.5-2ubuntu1 arm64 [installed,automatic]
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
witness04 | CHANGED | rc=0 >>
xz-utils/jammy,jammy,now 5.2.5-2ubuntu1 amd64 [installed]
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
witness06 | CHANGED | rc=0 >>
xz-utils/jammy,jammy,now 5.2.5-2ubuntu1 amd64 [installed]
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Most witness nodes will likely be running 22.04 and will be using 5.2.5 of the XZ library and will be safe.
Although it is unlikely you will have a vulnerable machine, it is worth checking to be sure.
If you want more detail on the vulnerability, this video does a good job explaining it.
You can also read the original discovery of the vulnerability on openwall.
If you are not using ansible, maybe now is a good time to check it out.
I also recommend checking out this excellent breakdown of the events leading up to this vulnerability here.
Thanks for the heads up. I'll be sure to check my servers.
That's incredible... and so important! Thanks for sharing!
Thanks, reblogged! Hopefully my server is still on the older version, I'll have to check.
This post has been manually curated by the VYB curation project
Is it something related to hive blockchain or hive users accounts security?
Not directly but most of the witnesses run Linux. Most shouldn't be affected, it's only if you are running really bleeding edge builds.
Thanks for the clarification, it means it's about witnesses not an average user like me, as a non technical person I need your help to understand it properly, thank you so much Sr.
Thanks for sharing
这件事的发生让我很惊讶
thanks
Fat Gandalf...
Now I know...lol...