this post was submitted on 31 Mar 2024
83 points (95.6% liked)


PLEASE. I keep seeing it in memes. As I understand it the latest version of the xz package (present in rolling release distros like Arch and SUSE Tumbleweed) has "a backdoor", but I have no earthly clue what can be done by malicious folks with access to that backdoor or if I should be afraid or how to check if my distro is compromised or how to prevent damage if it is or (...)

[–] KevonLooney@lemm.ee 5 points 7 months ago (2 children)

This doesn't answer the question: what is the purpose behind adding the vulnerability? What specific things are vulnerable? What could it be used to do?

[–] SzethFriendOfNimi@lemmy.world 4 points 7 months ago* (last edited 7 months ago)

To allow somebody to change how the encryption between a server and client is handled so the communication can be intercepted. Either by putting a thumb on the scale for the cipher used or outright using a particular key that is known by an attacker.

E.g. to make a man in the middle or even passive traffic capture attack possible so they can choose to intercept supposedly secure traffic when they want to.

I don’t know if the full extent of what it can be used for is known yet. Just that how they hook the calls for the traffic allows for some pretty nasty scenarios.

[–] hydroptic@sopuli.xyz 1 points 7 months ago* (last edited 7 months ago)

I literally just gave you a list of what's vulnerable: Debian / RPM-based distros on x86_64 Linux that installed new versions of liblzma5 (which are so new that likely only rolling release distros had them), running OpenSSH sshd via systemd.

As to what it could be used to do and what its purpose is, well, the backdoor's still being analyzed. Seems to be for remote code execution, i.e. the attacker could theoretically execute code on a backdoored machine.