An xz-backdoor container image based on xzbot project for learning purpose
-
Updated
Apr 9, 2024 - Dockerfile
An xz-backdoor container image based on xzbot project for learning purpose
A safe Go interface to liblzma, the "xz" compression library.
Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
Checker for CVE-2024-3094 where malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code.
XZ Utils (wrapper)
A simple C program with stubs, allowing one to dynamically debug the backdoor included in liblzma
A signed and notarized universal macOS installer package for XZ Utils.
xz-vulnerability-poc (cross platform) This repository contains a Proof of Concept (POC) script for the xz vulnerability
Shell scripts to identify and fix installations of xz-utils affected by the CVE-2024-3094 vulnerability. Versions 5.6.0 and 5.6.1 of xz-utils are known to be vulnerable, and this script aids in detecting them and optionally downgrading to a stable, un-compromised version (5.4.6) or upgrading to latest version. Added Ansible Playbook
Add a description, image, and links to the xz-utils topic page so that developers can more easily learn about it.
To associate your repository with the xz-utils topic, visit your repo's landing page and select "manage topics."