An ssh honeypot with the XZ backdoor. CVE-2024-3094
- 
            Updated
            Apr 2, 2024 
- Shell
An ssh honeypot with the XZ backdoor. CVE-2024-3094
Shell scripts to identify and fix installations of xz-utils affected by the CVE-2024-3094 vulnerability. Versions 5.6.0 and 5.6.1 of xz-utils are known to be vulnerable, and this script aids in detecting them and optionally downgrading to a stable, un-compromised version (5.4.6) or upgrading to latest version. Added Ansible Playbook
GNU IFUNC is the real culprit behind CVE-2024-3094
Dockerfile and Kubernetes manifests for reproduce CVE-2024-3094
Verify that your XZ Utils version is not vulnerable to CVE-2024-3094
apocalypxze: xz backdoor (2024) AKA CVE-2024-3094 related links
Checker for CVE-2024-3094 where malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code.
A lightweight utility designed to detect and remediate systems affected by CVE-2024-3094, a critical vulnerability impacting [insert affected software/library here if known]. This tool provides automated scanning, reporting, and optional mitigation steps to help administrators and security teams secure their environments quickly.
Add a description, image, and links to the cve-2024-3094 topic page so that developers can more easily learn about it.
To associate your repository with the cve-2024-3094 topic, visit your repo's landing page and select "manage topics."