An ssh honeypot with the XZ backdoor. CVE-2024-3094
-
Updated
Apr 2, 2024 - Shell
An ssh honeypot with the XZ backdoor. CVE-2024-3094
Shell scripts to identify and fix installations of xz-utils affected by the CVE-2024-3094 vulnerability. Versions 5.6.0 and 5.6.1 of xz-utils are known to be vulnerable, and this script aids in detecting them and optionally downgrading to a stable, un-compromised version (5.4.6) or upgrading to latest version. Added Ansible Playbook
Checker for CVE-2024-3094 where malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code.
Fuckify your bash commands to the moon and beyond, credits to https://github.com/0xddaa/bashfuck
Add a description, image, and links to the xz topic page so that developers can more easily learn about it.
To associate your repository with the xz topic, visit your repo's landing page and select "manage topics."