[mdlug] info about the xz backdoor
LAP
mail1 at lapiet.info
Sun Mar 31 11:01:05 EDT 2024
On Sun, 31 Mar 2024 10:17:55 -0400 (EDT)
Jay <jjn at nuge.com> wrote:
>
> Do tell HOW you know this? What in the output of that command
> should we be looking for? The Video was a rambling blather and
> failed to JUST CLEARLY SAY what we should look for.
>
On distros that use systemd, sshd will be patched to link to
liblzma, which is part of the xz-utils package. Ordinarily,
without this specific patch, sshd is not linked to liblzma.
On compromised systems, during logins using ssh/sshd the
backdoor can or will be activated because of this linking.

I don't know for certain, but I believe that most distros
will start the sshd daemon on boot up and thus there is
an open port that can be exploited.

Since I use a workstation desktop I do not automatically
open any ports (except http for the Internet) nor do I
use systemd.
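
Added example, not part of the original message: a shell check for the linkage described above, assuming ldd is the command used to inspect the binary and /usr/sbin/sshd is its path (neither is named in the thread). The sample ldd outputs are constructed. A match shows only that liblzma is loaded into the sshd process, not that the installed liblzma is a backdoored build.

```shell
#!/bin/sh
# Added example (not from the thread): does a binary's resolved library set
# include liblzma? Assumes `ldd` output format; sample outputs are constructed.

# Read ldd-style output on stdin; print the resolved path of each liblzma entry.
liblzma_from_ldd() {
    awk '$1 ~ /^liblzma\.so/ && $2 == "=>" { print $3 }'
}

# Classify ldd-style output on stdin: "linked <path>" or "not-linked".
classify_ldd() {
    path=$(liblzma_from_ldd | head -n 1)
    if [ -n "$path" ]; then echo "linked $path"; else echo "not-linked"; fi
}

# Constructed sample: sshd built with the systemd patch.
sample_patched() {
    cat <<'EOF'
	libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f0000200000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f0000100000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)
EOF
}

# Constructed sample: sshd built without it.
sample_unpatched() {
    cat <<'EOF'
	libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f0000300000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)
EOF
}

# Check a real binary; reports "no-binary" when the path does not exist.
check_binary() {
    [ -x "$1" ] || { echo "no-binary"; return 0; }
    ldd "$1" 2>/dev/null | classify_ldd
}

echo "patched sample:   $(sample_patched | classify_ldd)"
echo "unpatched sample: $(sample_unpatched | classify_ldd)"
echo "local sshd:       $(check_binary "${1:-/usr/sbin/sshd}")"
```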