In the latest liblzma update, a trusted bad actor called 'JiaT75' implemented a backdoor that allows RCE (sending calls to system()) over SSH connections. Here I look into the case and explain how it works.
Links:
- AndresFreundTec on Mastodon: mastodon.socia...
- openwall email: www.openwall.c...
- debian repo: salsa.debian.o...
- Filippo Valsorda on bsky: bsky.app/profi...
Unveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCEs