XZ backdoor in a nutshelllemmy.zipimagecross-posted to: linux@lemmy.eco.br Possibly linux ( @possiblylinux127@lemmy.zip ) Linux@lemmy.mlEnglish • 3 months ago message-square61fedilinkarrow-up1705
arrow-up1705imageXZ backdoor in a nutshelllemmy.zip Possibly linux ( @possiblylinux127@lemmy.zip ) Linux@lemmy.mlEnglish • 3 months ago message-square61fedilinkcross-posted to: linux@lemmy.eco.br
minus-square The Doctor ( @drwho@beehaw.org ) linkfedilinkEnglish8•3 months agoSomebody wrote a PoC for it: https://github.com/amlweems/xzbot#backdoor-demo Basically, if you have a patched SSH client with the right ED448 key you can have the gigged sshd on the other side run whatever commands you want. The demo just does id > /tmp/.xz but it could be whatever command you want.
Somebody wrote a PoC for it: https://github.com/amlweems/xzbot#backdoor-demo
Basically, if you have a patched SSH client with the right ED448 key you can have the gigged sshd on the other side run whatever commands you want. The demo just does
id > /tmp/.xz
but it could be whatever command you want.