Backdoor found in widely used Linux utility targets encrypted SSH connections

by Dan Goodin, from Ars Technica

Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian.

The compression utility, known as xz Utils, introduced the malicious code in versions 5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it. There are no known reports of those versions being incorporated into any production releases for major Linux distributions, but both Red Hat and Debian reported that recently published beta releases used at least one of the backdoored versions, specifically in Fedora Rawhide and Debian testing, unstable and experimental distributions. A stable release of Arch Linux is also affected. That distribution, however, isn't used in production systems.

"Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux, it's not really affecting anyone in the real world," Will Dormann, a senior vulnerability analyst at security firm Analygence, said in an online interview. "BUT that's only because it was discovered early due to bad actor sloppiness. Had it not been discovered, it would have been catastrophic to the world."
