Possibly linux@lemmy.zip to Linux@lemmy.mlEnglish · 8 months agoXZ backdoor in a nutshelllemmy.zipimagemessage-square162fedilinkarrow-up11.23Karrow-down110 cross-posted to: linux@lemmy.eco.br
arrow-up11.22Karrow-down1imageXZ backdoor in a nutshelllemmy.zipPossibly linux@lemmy.zip to Linux@lemmy.mlEnglish · 8 months agomessage-square162fedilink cross-posted to: linux@lemmy.eco.br
minus-squareThe Doctor@beehaw.orglinkfedilinkEnglisharrow-up8·8 months agoSomebody wrote a PoC for it: https://github.com/amlweems/xzbot#backdoor-demo Basically, if you have a patched SSH client with the right ED448 key you can have the gigged sshd on the other side run whatever commands you want. The demo just does id > /tmp/.xz but it could be whatever command you want.
Somebody wrote a PoC for it: https://github.com/amlweems/xzbot#backdoor-demo
Basically, if you have a patched SSH client with the right ED448 key you can have the gigged sshd on the other side run whatever commands you want. The demo just does
id > /tmp/.xz
but it could be whatever command you want.