oss-sec mailing list archives
Re: backdoor in upstream xz/liblzma leading to ssh server compromise
From: Solar Designer <solar () openwall com>
Date: Sun, 31 Mar 2024 22:33:47 +0200

On Sat, Mar 30, 2024 at 11:00:09PM +0100, Solar Designer wrote:
> On Fri, Mar 29, 2024 at 08:51:26AM -0700, Andres Freund wrote:
> > This injects an obfuscated script to be executed at the end of configure. This script is fairly obfuscated and data from "test" .xz files in the repository.
>
> Gynvael Coldwind @gynvael performed what's probably the most elaborate analysis of the bash obfuscation so far. I'm posting it in here on his behalf. The original blog post is at:
>
> https://gynvael.coldwind.pl/?lang=en&id=782

Much of the scripted part of the backdoor is now also illustrated by Thomas Roccia @fr0gger_ in:

https://twitter.com/fr0gger_/status/1774342248437813525

I'm attaching a scaled down and color-reduced (but legible) version of the image ("convert -strip -quality 100 -resize 50% -colors 12").

Alexander