406
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 29 Mar 2024
406 points (99.0% liked)
Linux
48366 readers
775 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
What is the name of the software that is affected??
Hard to tell from first glance but my guess would be this is fallout from the ongoing
xz
drama. Here: https://www.openwall.com/lists/oss-security/2024/03/29/4Also: https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/
xz is the compromised package, but it in turn compromises ssh authentication
In turn it ~~compromises ssh authentication~~ allows remote code execution via system(); if the connecting SSH certificate contains the backdoor key. No user account required. Nothing logged anywhere you'd expect. Full root code execution.
There is also a killswitch hard-coded into it, so it doesn't affect machines of whatever state actor developed it.
It's pretty clear this is a state actor, targeting a dependency of one of the most widely used system control software on Linux systems. There are likely tens or hundreds of other actors doing the exact same thing. This one was detected purely by chance, as it wasn't even in the code for ssh.
If people ever wonder how cyber warfare could potentially cause a massive blackout and communications system interruption - this is how.
You mean thousands?
That was supposed to be or, not of.
Microsoft Edge.