
Unauthorized access may be possible due to a vulnerability in Linux distributions
Red Hat recently disclosed malicious code found in XZ Utils versions 5.6.0 and 5.6.1, the XZ-format compression utilities commonly used in Linux distributions. The vulnerability has been assigned CVE-2024-3094.
According to Saumitra Das, Vice President of Engineering at Qualys, “This attack resembles the SolarWinds case, where code is surreptitiously inserted into the supply chain using xz, potentially allowing remote unauthenticated access. The complete attack kill chain remains uncertain, but such attacks are typically difficult to detect early on.”
The announcement states that the malicious code is present in the affected versions only in the full download package.
Saumitra emphasizes the importance of defense in depth to detect threats at various stages of the kill chain. He suggests implementing measures both towards the beginning and the end of the chain to increase the chances of detecting attacks. Additionally, understanding the software supply chain is crucial, with Software Bill of Materials (SBOM) serving as the first step in identifying software components and their sources. Verification of the origins and maintainers of these components is necessary for enhancing security.
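As an added illustration of the SBOM step described above (this is example code, not code from Red Hat, Qualys or the XZ project), the script below walks a CycloneDX-style component list and flags XZ Utils components at the two versions named in the advisory, 5.6.0 and 5.6.1. The SBOM it reads is constructed inline; the list of package names under which xz ships in distributions, and the rule for reducing a distro package version such as `1:5.6.1-1` to its upstream part, are assumptions made for the example.

```python
"""Flag XZ Utils components at the advisory's affected versions (5.6.0, 5.6.1)
inside a CycloneDX-style SBOM. Example code; the SBOM below is constructed."""
import json

# Versions named in the advisory for CVE-2024-3094.
AFFECTED_VERSIONS = {"5.6.0", "5.6.1"}

# Package names under which the xz utilities and liblzma commonly ship.
# Assumption: illustrative list, not exhaustive; extend it for your inventory.
XZ_COMPONENT_NAMES = {"xz", "xz-utils", "xz-libs", "liblzma", "liblzma5"}


def upstream_version(version: str) -> str:
    """Reduce a distro package version such as '1:5.6.1-1' to its upstream
    part ('5.6.1'): drop an 'epoch:' prefix and a '-revision' suffix.
    Assumption: deb/rpm style versioning; adjust for other ecosystems."""
    if ":" in version:
        version = version.split(":", 1)[1]
    return version.split("-", 1)[0]


def find_affected(sbom: dict) -> list[dict]:
    """Return the components whose name is an xz package and whose upstream
    version is one of the affected versions."""
    hits = []
    for comp in sbom.get("components", []):
        name = comp.get("name", "").lower()
        if name not in XZ_COMPONENT_NAMES:
            continue
        version = comp.get("version", "")
        if upstream_version(version) in AFFECTED_VERSIONS:
            hits.append({"name": comp["name"], "version": version,
                         "purl": comp.get("purl")})
    return hits


# Constructed sample SBOM in CycloneDX-like JSON shape (not a real inventory).
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "xz-utils", "version": "5.6.1-1",
     "purl": "pkg:deb/debian/xz-utils@5.6.1-1"},
    {"type": "library", "name": "liblzma5", "version": "5.4.6-1",
     "purl": "pkg:deb/debian/liblzma5@5.4.6-1"},
    {"type": "library", "name": "openssl", "version": "3.0.13",
     "purl": "pkg:deb/debian/openssl@3.0.13"},
    {"type": "library", "name": "xz-libs", "version": "5.6.0-1.fc40",
     "purl": "pkg:rpm/fedora/xz-libs@5.6.0-1.fc40"}
  ]
}
""")


if __name__ == "__main__":
    for hit in find_affected(SAMPLE_SBOM):
        print(f"AFFECTED: {hit['name']} {hit['version']} ({hit['purl']})")
```

Running the script against the constructed SBOM reports `xz-utils 5.6.1-1` and `xz-libs 5.6.0-1.fc40` and leaves the 5.4.6 liblzma entry alone. Matching on the upstream version rather than the raw package string is what lets one rule cover both deb and rpm inventories; a real deployment would read the SBOM from a file and feed the hits into whatever ticketing or remediation workflow the organization uses.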