Binarly, a firmware security firm, has recently released a free online scanner to identify Linux executables affected by a supply chain attack on XZ Utils. This attack, known as CVE-2024-3094, is a compromise within the XZ Utils data compression tools and libraries commonly used in major Linux distributions. The backdoor was discovered by a Microsoft engineer who noted slow SSH logins on Debian Sid.
The suspicious contributor added the backdoor in XZ version 5.6.0, which persisted in version 5.6.1. Fortunately, only a few distributions using bleeding-edge updates were impacted. To combat this threat, Binarly created a specialized scanner that goes beyond simple checks like byte string matching and file hash blocklisting. This scanner increases accuracy by scanning various supply chain points, providing more reliable results.
In light of these developments, Binarly has even made a free API available for bulk scans, offering a comprehensive solution to address potential security risks within Linux distributions.
Source link
