Detections
Analytics
XZ Utils 5.6.0 / 5.6.1 Liblzma Backdoor Check
critical Nessus Plugin ID 192737
Language:
Synopsis
The version of XZ Utils installed on the remote host is affected by a backdoor vulnerability.Description
The version of XZ Utils installed on the remote host is potentially affected by a backdoor vulnerability.Note: This plugin is paranoid because not all instances of the affected versions of XZ Utils are known to be vulnerable to the backdoor. The method of installation of XZ Utils plays a role in whether the install is vulnerable or not. However, multiple vendors have rolled out remediation fixes as a precaution.
Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
As this detection can lead to potential false positives, it is recommended that manual verification of identified instances be performed.
For more information, refer to https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils
Solution
See vendor advisory.See Also
http://www.nessus.org/u?ff42ccd0
Plugin Details
Severity: Critical
ID: 192737
File Name: xz_utils_nix_5.6_backdoor.nasl
Version: 1.4
Type: local
Agent: unix
Family: Misc.
Published: 4/1/2024
Updated: 10/23/2024
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 10.0
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2024-3094
CVSS v3
Risk Factor: Critical
Base Score: 10
Temporal Score: 9.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:xz-utils
Required KB Items: Settings/ParanoidReport, installed_sw/XZ Utils
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/29/2024
Vulnerability Publication Date: 3/29/2024
Reference Information
CVE: CVE-2024-3094
IAVA: 2024-A-0327