Supply Chain Attack Leads to Backdoor Vulnerability

Case Study, by

A supply chain attack was recently uncovered in which a backdoor was found in specific versions of XZ Utils, a commonly used compression utility on Linux. The backdoor had the potential to grant malicious actors full, unauthorized access to systems running the affected versions. Our Cyber Security Team has put together an advisory documenting how to verify whether your organization has been affected, along with the preventive and remedial steps to take to protect your information systems.

What is the XZ Utils Backdoor Vulnerability?

The CVE-2024-3094 vulnerability, also known as the xz supply chain attack, is a significant security issue identified in the xz/liblzma package, beginning with version 5.6.0. Malicious code was discovered in the upstream tarballs of xz, posing a threat to the software supply chain, especially in open-source environments. Exploitation of this backdoor may grant unauthorized entry to, and control over, compromised systems.

XZ Utils is a vital data compression tool widely integrated into Linux distributions. It is used to compress diverse file types such as release tarballs, software packages, kernel images, and initramfs images.

Background of the Vulnerability: 

A Microsoft engineer who contributes to PostgreSQL projects encountered performance issues on a Debian system linked to SSH. These were characterized by heightened CPU usage during SSH logins and errors flagged by valgrind, a memory debugging tool. Subsequent investigation uncovered that certain versions of the xz libraries contained malicious code, highlighting the significance of CVE-2024-3094 as a critical concern for Linux security.
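A host check covering the affected version range described above and the sshd angle from the Background section, added here as an example and not part of the original advisory. It assumes `xz --version` prints a first line of the form `xz (XZ Utils) 5.6.1`, and that 5.6.0 and 5.6.1 are the two backdoored releases (the page names 5.6.0 as the starting point; 5.6.1 is the other publicly reported one).

```shell
#!/bin/sh
# Added example (not from the original advisory): flag a backdoored xz/liblzma
# release for CVE-2024-3094 and note whether sshd links liblzma on this host.

# Return 0 (true) when the version string is one of the known backdoored releases.
# Assumption: 5.6.0 and 5.6.1 are the affected upstream versions.
xz_version_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Extract the version number from the first line of `xz --version` output,
# e.g. "xz (XZ Utils) 5.6.1" -> "5.6.1". Prints nothing if the line is unexpected.
parse_xz_version() {
    printf '%s\n' "$1" | sed -n '1s/.*XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 when the sshd binary on this host links liblzma at all; the
# backdoor ran inside sshd, so a host where sshd never loads liblzma is not
# exposed through that path even if the library itself is the bad release.
sshd_links_liblzma() {
    sshd_path=$(command -v sshd 2>/dev/null) || return 1
    ldd "$sshd_path" 2>/dev/null | grep -q liblzma
}

# Run the checks on this host only if xz is installed.
if command -v xz >/dev/null 2>&1; then
    ver=$(parse_xz_version "$(xz --version 2>/dev/null)")
    if xz_version_affected "$ver"; then
        echo "WARNING: xz $ver is a backdoored release (CVE-2024-3094)"
    else
        echo "xz ${ver:-unknown} is not in the known backdoored range"
    fi
    if sshd_links_liblzma; then
        echo "note: sshd on this host links liblzma"
    fi
fi
```

Run it on each Linux host in scope; a WARNING line means the package should be downgraded or upgraded to a clean release as described in the advisory.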
