Hello, I'm Barbaros. The resources for this topic will not be shared in the International section. It will only be shared as text. Only the important parts will be highlighted in the Turkish section up to the color of the text. If you are reading from the International section, you need to look at the Turkish Topic Link.
CVE-2024-3094: What is Linux and Application Security ?
A recent discovery by Microsoft of an encrypted and malicious operation for the liblzma and xz package led to Vulnerability CVE-2024-3094. This was a development that shook the security and Linux community, emphasizing the critical importance of SBOM, Application Security, and ASPM.
What Does This Vulnerability Expose?
CVE-2024-3094 is not just another vulnerability; it's a glaring beacon highlighting the ever-present risks in the Linux ecosystem. Discovered within the XZ Utils compression utilities—a cornerstone in most Linux distributions—this vulnerability could potentially allow malicious actors to bypass sshd authentication, gaining unauthorized system access remotely. The implications for Linux application security cannot be overstated, making it imperative for cybersecurity professionals to grasp the mechanics and consequences of CVE-2024-3094.
CVE-2024-3094 Detection
Simple detection script (Linux): CVE-2024-3094-fix-exploits/detect_liblza-quick.sh at main · Security-Phoenix-demo/CVE-2024-3094-fix-exploits
Other Detection script:CVE-2024-3094-fix-exploits/find_liblzma.sh at main · Security-Phoenix-demo/CVE-2024-3094-fix-exploits
Attack example:GitHub - Security-Phoenix-demo/CVE-2024-3094_exploit_xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
If you have the vulnerable version, run this script to test and determine whether it exists or not:
Kod:
vim findxv.sh
Paste Below Code and save and quit
#! /bin/bash
set -eu
# find path to liblzma used by sshd
path="$(ldd $(which sshd) | grep liblzma | grep -o '/[^ ]*')"
# does it even exist?
if [ "$path" == "" ]
then
echo probably not vulnerable
exit
fi
# check for function signature
if hexdump -ve '1/1 "%.2x"' "$path" | grep -q f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410
then
echo probably vulnerable
else
echo probably not vulnerable
fi
chmod +x findxv.sh
./findxv.sh
Optional Cleanup: rm findxv.sh
Which Linux Versions Are Affected ?
Source : CVE-2024-3094: Linux ve Uygulama Güvenliği Nedir ? Türkçe Anlatım
CVE-2024-3094 Common Vulnerabilities and Exposures | SUSE
Secure your Linux systems from CVE-2024-3094 with SUSE.
www.suse.com
CVE-2024-3094
aws.amazon.com
Source : CVE-2024-3094: Linux ve Uygulama Güvenliği Nedir ? Türkçe Anlatım