Skip to content

Checker for CVE-2024-3094 where malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code.

Notifications You must be signed in to change notification settings

harekrishnarai/xz-utils-vuln-checker

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 

Repository files navigation

   _  __ ____         __  __  / /_   (_)   / /   _____
  | |/_//_  / ______ / / / / / __/  / /   / /   / ___/
 _>  <   / /_/_____// /_/ / / /_   / /   / /   (__  ) 
/_/|_|  /___/       \__,_/  \__/  /_/   /_/   /____/  
                                                      
							Hare Krishna Rai (0xblurr3d)               
 _   __  __  __   / /   ____          _____   / /_   ___   _____   / /__  ___    _____
| | / / / / / /  / /   / __ \ ______ / ___/  / __ \ / _ \ / ___/  / //_/ / _ \  / ___/
| |/ / / /_/ /  / /   / / / //_____// /__   / / / //  __// /__   / ,<   /  __/ / /    
|___/  \__,_/  /_/   /_/ /_/        \___/  /_/ /_/ \___/ \___/  /_/|_|  \___/ /_/     
(CVE-2024-3094)                                                                          

[+] Initiating vulnerability check...
[+] Detecting package manager...
[+] Getting xz-utils version...
[+] Checking xz-utils version for vulnerabilities...

CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

References for CVE-2024-3094

Resource URL
Red Hat Link
Ars Technica Link
AWS Link
Dark Reading Link
Tenable Blog Link

Prerequisites

You need to have a bash shell to run this script. This is typically available on most Unix-like operating systems, including Linux and Mac OS X.

Installing

To use this script, you can simply download it and give it execute permissions:

git clone https://github.com/harekrishnarai/xz-utils-vuln-checker
cd xz-utils-vuln-checker
chmod +x xz-utils-vuln-checker.sh
./xz-utils-vuln-checker.sh
The available options are:
-s, --summary       Display a short summary about CVE-2024-3094
-h, --help: Display the help message

About

Checker for CVE-2024-3094 where malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages