CVE-2024-3094

This repository provides a functional exploit for CVE-2024-3094, the xz backdoor, including a honeypot for detection, a patch to replace the ED448 key, and a demo tool to trigger RCE via SSH certificate manipulation.

This repository provides a functional honeypot setup to detect exploitation attempts against CVE-2024-3094, the XZ backdoor in liblzma. It runs a vulnerable SSH daemon with monitoring tools (tcpdump, bpftrace, strace) to capture malicious activity.

This repository contains a bash script that checks for vulnerable versions of xz-utils (5.6.0 and 5.6.1) and attempts to remediate by either updating via package manager or installing a safe version from source. It does not exploit the vulnerability but detects and mitigates it.

This repository contains two bash scripts designed to detect the presence of the backdoored liblzma library (CVE-2024-3094) on a system. The scripts check for vulnerable xz versions and function signatures in liblzma, but do not include exploit code.

This repository contains a detection tool for CVE-2024-3094 (XZ Backdoor), which checks for the presence of malicious XZ/LZMA versions and vulnerable SSH configurations. The tool performs static analysis to identify affected systems without executing malicious code.

This repository contains a shell script designed to detect and mitigate the CVE-2024-3094 vulnerability in xz-utils by checking installed versions and upgrading/downgrading to a non-vulnerable version. It does not exploit the vulnerability but provides a remediation tool.

This repository provides a detailed technical analysis of CVE-2024-3094, focusing on the role of GNU IFUNC and the supply chain vulnerabilities in OpenSSH and SystemD. It includes code examples and performance comparisons to illustrate the impact of IFUNC.

This script extracts and decodes malicious payloads embedded in the XZ Utils library (CVE-2024-3094), specifically targeting obfuscated object files and source code modifications. It demonstrates the backdoor mechanism by reconstructing compromised components like `liblzma_la-crc64-fast.o` and `liblzma_la-crc32-fast.o`.

This repository provides a Dockerized environment to reproduce CVE-2024-3094, a backdoor in xz utils. It includes a patched liblzma library and Kubernetes manifests to deploy a vulnerable pod for exploitation testing.

This repository provides detection scripts for CVE-2024-3094, a backdoor in xz utils (liblzma5 versions 5.6.0 and 5.6.1). The scripts check Docker containers, Kubernetes pods, and SBOMs for the presence of the vulnerable library by examining specific byte patterns.

This repository provides a technical analysis and visualization of GitHub activity related to the xz backdoor (CVE-2024-3094), focusing on contributions by suspicious users JiaT75 and Larhzu. It includes datasets and a Python script to plot GitHub events over time.

This repository contains a Bash script that checks if a system is running a vulnerable version of the xz utility (5.6.0 or 5.6.1) affected by CVE-2024-3094. It does not exploit the vulnerability but scans for its presence.

This repository contains an Ansible role designed to deploy the xz backdoor (CVE-2024-3094) on Debian-based systems, including the installation of the backdoor library and the xzbot tool for command execution. It is intended for controlled environments like Ludus for security testing.

This repository contains a bash script that scans for the presence of vulnerable xz versions (5.6.0 or 5.6.1) and checks for specific function signatures in liblzma linked to sshd, which are indicators of CVE-2024-3094. It does not exploit the vulnerability but detects potential exposure.

This repository provides a Kubernetes-based Proof of Concept for CVE-2024-3094, which exploits a backdoor in XZ Utils via a malicious SSH connection. It deploys a vulnerable SSH endpoint and uses the 'xzbot' tool to trigger a bind shell, demonstrating remote code execution (RCE).

This repository contains Ansible playbooks to detect and remediate CVE-2024-3094 (XZ backdoor). It includes scripts to check for vulnerable XZ versions and apply fixes, but does not include functional exploit code.

This repository provides a Python script to detect vulnerable versions of the xz utility (CVE-2024-3094) and optionally install a stable version. It does not contain exploit code but scans for the presence of vulnerable versions.

This repository contains a scanner to check if the installed version of XZ Utils is vulnerable to CVE-2024-3094. It verifies the version number against known vulnerable versions (5.6.0 and 5.6.1) and provides recommendations for mitigation.

This repository is a curated collection of links and references related to the XZ backdoor (CVE-2024-3094), including details on the bad actor, discovery, root cause analysis, and advisories from various organizations. It does not contain exploit code but provides comprehensive technical and contextual information about the vulnerability.

This repository provides a scanner for detecting CVE-2024-3094 (XZ Backdoor) in container images using Trend Micro's Vision One TMAS CLI. It includes a Dockerfile for a vulnerable image and a bash script to automate the scanning process.

This repository contains a Go-based scanner that checks for the presence of the CVE-2024-3094 vulnerability by examining the function signature in liblzma and verifying the xz version. It does not exploit the vulnerability but detects potential exposure.

This repository contains a bash script that checks for the presence of the malicious XZ backdoor (CVE-2024-3094) by verifying XZ version, SSH daemon linkage with LZMA, and specific byte patterns in the LZMA library. It does not exploit the vulnerability but detects potential compromise.

The repository contains a scanner for CVE-2024-21762, a Fortinet SSL VPN vulnerability, which checks for the presence of the vulnerability by sending crafted HTTP requests. It does not include exploit code but provides detection capabilities.

The repository contains detection scripts for CVE-2024-3094, which check for vulnerable versions of liblzma and xz. It does not include exploit code but provides tools to identify affected systems.

This repository provides a detailed technical analysis of CVE-2024-3094, including a patch diff, attack flow, and defensive measures like YARA rules. It does not contain functional exploit code but offers in-depth research on the XZ backdoor mechanism.

This repository contains a functional exploit for CVE-2024-3094 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The exploit leverages a race condition in the SIGALRM handler to achieve remote code execution as root.

This repository contains a bash script to detect if the installed version of xz-utils (liblzma5) is vulnerable to CVE-2024-3094. It checks the version number and prompts the user to update if a vulnerable version is found.

This repository contains a Python script that scans for the presence of CVE-2024-3094 by checking the version of xz and the signature of liblzma. It does not exploit the vulnerability but detects vulnerable versions.

The repository contains a bash script that scans for the presence of vulnerable versions of the xz library (5.6.0 or 5.6.1) and checks for a specific function signature in liblzma associated with CVE-2024-3094. It does not include exploit code but provides detection capabilities.

This repository contains a case study and presentation materials on the XZ Utils backdoor (CVE-2024-3094), focusing on the supply-chain attack mechanism, detection, and mitigation strategies. It includes references to official disclosures and technical analyses but does not contain exploit code.

This repository provides a detailed technical analysis of CVE-2024-3094, a backdoor vulnerability in the xz compression library (versions 5.6.0 and 5.6.1) that allows unauthorized remote code execution via SSH. It includes mitigation steps, detection methods, and lessons learned from the incident.

This repository contains a detailed threat intelligence report on CVE-2024-3094, a supply chain backdoor in xz-utils versions 5.6.0 and 5.6.1. It includes technical details, indicators of compromise, mitigation steps, and references to official sources.

This repository contains a functional exploit PoC for CVE-2024-3094, the XZ backdoor in liblzma. It includes a Docker environment for testing, a Go-based tool to trigger the backdoor via SSH authentication, and scripts to patch and inject the malicious library.

This repository contains a detailed writeup and Docker-based lab setup for CVE-2024-3094, the XZ Utils backdoor vulnerability. It includes a Dockerfile and docker-compose.yaml to replicate the vulnerable environment, along with steps to verify the presence of the backdoored liblzma library.

This Ansible playbook checks for vulnerability to CVE-2024-3094 by leveraging an external role. It does not contain exploit code but scans for the presence of the vulnerability.

This repository provides one-liner scripts to check for the presence of vulnerable versions of the `xz` utility (5.6.0 or 5.6.1) affected by CVE-2024-3094. It includes commands for checking installed packages, Docker images using Trivy, and code repositories for references to the `xz` library.

This repository contains a Bash script that detects vulnerable versions of XZ Utils (5.6.0 or 5.6.1) and downgrades them to a safe version (5.4.3) on supported Linux distributions. It does not exploit the vulnerability but scans for its presence.

This repository contains a bash script that scans for the presence of vulnerable xz-utils versions (5.6.0 or 5.6.1) and checks for the specific backdoor signature in the liblzma library linked to sshd. It does not exploit the vulnerability but detects it.

This repository contains a bash script that scans for the presence of the backdoor in XZ Utils (CVE-2024-3094) by checking version numbers and binary patterns. It does not exploit the vulnerability but detects compromised systems.

This repository provides a functional exploit for CVE-2024-3094, which involves a backdoor in the xz compression library affecting OpenSSH. The PoC includes scripts to build a vulnerable OpenSSH environment, patch the malicious liblzma library, and execute arbitrary commands via the backdoor.

This repository provides a detailed technical analysis of CVE-2024-3094, the XZ Utils backdoor, including its mechanism, exploitation requirements, and lab environment setup. It does not contain functional exploit code but offers in-depth research and references.

This repository contains a functional exploit PoC for CVE-2024-3094, demonstrating remote code execution via a backdoor in the XZ Utils library. It includes a Dockerized environment with a vulnerable version of XZ Utils and a test suite to verify exploitation.

The repository contains only a README.md file with no actual exploit code or technical analysis. It appears to be a placeholder or incomplete repository.

This repository contains a functional PoC for CVE-2024-3094, a backdoor in xz-utils affecting OpenSSH. It includes a Dockerized test environment, automated tests for detecting timing anomalies, and a PoC script to emulate the vulnerability.

The repository contains only a README.md file with a title and no technical details or exploit code. It appears to be a placeholder or incomplete writeup for CVE-2024-3094.

This repository provides a comprehensive technical analysis of CVE-2024-3094, detailing the supply-chain attack on XZ Utils, its obfuscation techniques, activation conditions, and remediation steps. It includes a deep dive into the backdoor's mechanics and the social engineering campaign behind it.

This repository contains scripts to detect the presence of the backdoor in liblzma (CVE-2024-3094) by checking for specific function signatures and xz versions. It does not include exploit code but provides detection capabilities.

This repository provides a detailed technical analysis of CVE-2024-3094, focusing on the root cause, attack chain, and defensive strategies from a blue team perspective. It includes a conceptual demonstration of how malicious shared libraries can execute code when loaded by trusted programs.

The repository contains only a README.md file with the CVE identifier and no additional technical details or exploit code. It lacks any meaningful content to classify it as a working PoC, scanner, or writeup.

This repository provides a functional script to recreate the obfuscation technique used in the XZ Utils backdoor (CVE-2024-3094). It demonstrates how to inject a malicious payload into the 'good-large_compressed.lzma' file, which is then extracted during the compilation process of xzutils v5.6.0.

This repository contains a shell script designed to detect and mitigate CVE-2024-3094, a backdoor in xz-utils versions 5.6.0 and 5.6.1. The script checks for vulnerable versions and attempts to upgrade or install a safe version (5.4.6) if necessary.

The repository claims to provide tools for detecting and mitigating CVE-2024-3094 but contains no actual code or technical details. It appears to be a placeholder with vague descriptions and no functional content.

This repository provides a detailed technical analysis and Docker-based lab setup for CVE-2024-3094, the XZ Utils backdoor. It includes steps to verify the vulnerable liblzma5 version and a PoC script to detect the backdoor, though it does not include functional exploit code.

This repository provides a functional PoC for CVE-2024-3094, demonstrating command execution in a Kubernetes pod via a malicious liblzma library. It includes deployment configurations and scripts to exploit the vulnerability, including shutting down nodes.

This repository contains a detailed technical analysis of CVE-2024-3094, the XZ Utils backdoor, including its discovery, impact, and the social engineering tactics used to introduce it. It provides a comprehensive overview of the vulnerability's mechanics and broader implications for supply chain security.

This repository contains detailed technical analysis and documentation about CVE-2024-3094, the xz supply chain attack, including multiple markdown files discussing the backdoor, its discovery, and related tools. No functional exploit code is present.

This repository provides a YARA rule to detect the backdoor in liblzma from XZ Utils versions 5.6.0 and 5.6.1. It is a detection tool rather than an exploit, designed to identify compromised systems.

This repository contains a scanner tool designed to detect the presence of the backdoor signature associated with CVE-2024-3094 in files. It uses memory-mapped file scanning and a Boyer-Moore-like algorithm to search for the specific binary signature of the xz backdoor.

This repository contains a Bash script that scans for the presence of CVE-2024-3094 by checking XZ/LZMA versions and detecting malicious byte patterns in linked libraries. It does not exploit the vulnerability but provides a detailed assessment of system exposure.

This script scans for files matching 'liblzma*' and checks their SHA256 hashes against a list of known malicious hashes to detect potential backdoors related to CVE-2024-3094. It does not exploit the vulnerability but identifies compromised files.

This repository contains a bash script that checks if the installed xz-utils package is vulnerable to CVE-2024-3094 by comparing version numbers. It does not exploit the vulnerability but scans for its presence.

This repository provides a functional environment to test the CVE-2024-3094 SSH backdoor exploit using a chroot-based container with systemd integration. It includes a pre-patched liblzma.so and a static binary of the xzbot exploit tool for testing.

This repository contains a bash script that detects whether the installed version of XZ Utils is vulnerable to CVE-2024-3094. It checks the version number against known affected versions (5.6.0 and 5.6.1) and reports vulnerability status.

This repository contains a bash script that checks for the presence of vulnerable versions of XZ Utils (5.6.0 or 5.6.1) affected by CVE-2024-3094. It does not exploit the vulnerability but scans for it by checking the installed version.

This repository contains a Python script that detects the presence of the malicious XZ backdoor (CVE-2024-3094) by checking XZ version, SSH daemon linkage with LZMA, and specific byte patterns in the LZMA library. It does not exploit the vulnerability but scans for indicators of compromise.

The repository contains only a GitHub Actions workflow for Docker and a Makefile, with no actual exploit code or technical details about CVE-2024-3094. It appears to be a placeholder or incomplete project.

This script queries the Wazuh API to detect systems with the vulnerable 'liblzma5' package, which is associated with the XZ backdoor (CVE-2024-3094). It authenticates with the Wazuh API, searches for affected packages, and exports results to a CSV file.

This repository provides detection scripts for CVE-2024-3094, a backdoor in xz utils (liblzma). It includes scripts to scan Docker containers, Kubernetes pods, and SBOMs for vulnerable versions of liblzma5 (5.6.0 or 5.6.1).

This repository contains two bash scripts designed to detect the presence of the backdoored liblzma library (CVE-2024-3094) on a system. The scripts check for vulnerable xz versions and scan binaries/libraries for dependencies on the malicious liblzma.

This repository contains a Python script that checks for vulnerable versions of xz-utils (CVE-2024-3094) and offers to install a stable version. It does not exploit the vulnerability but scans for it.

The repository contains a detection script for CVE-2024-3094, a supply chain attack in XZ Utils (liblzma). The script checks for the presence of a malicious backdoor in the `sshd` binary by verifying a specific function signature in the linked `liblzma` library.

This repository contains an Ansible playbook designed to detect and patch systems vulnerable to CVE-2024-3094, a backdoor in xz-utils versions 5.6.0 and 5.6.1. It checks installed package versions and downgrades to a safe version (5.4.6) if vulnerable versions are found.

The repository lacks actual exploit code and instead redirects to external links for details, which is characteristic of suspicious repositories. No technical details or functional PoC are provided.

This repository contains a Bash script that detects and optionally remediates CVE-2024-3094, a supply chain compromise in xz-utils. It checks for vulnerable versions and can downgrade to a safe version, but does not exploit the vulnerability.

This repository contains a detection script for CVE-2024-3094, which checks if the liblzma library used by sshd is vulnerable by verifying the presence of a specific byte signature. It does not exploit the vulnerability but scans for its presence.

This repository contains a Bash script that checks for vulnerable versions of xz-utils (5.6.0 or 5.6.1) and offers to replace them with a stable version (5.4.6). It does not exploit the vulnerability but provides a detection and remediation tool.

This repository contains a Bash script to detect the presence of CVE-2024-3094, a backdoor in the xz compression library. The script checks for the vulnerable function signature in liblzma and verifies the xz version.

This repository contains a Zabbix template for detecting potentially vulnerable versions of liblzma5 (xz-utils) affected by CVE-2024-3094. It uses a Zabbix item to check the installed version and triggers an alert if a vulnerable version is detected.