18 Nov 2023
#xdetection
18 Nov 2023
CVEs
6.5 Medium Severity
OS
FedoraFedoraproject
See Also
NVD - VulnerabilitiesApps
PoC video
xdetection
Description
Comments (0)
FAQs
Does CVE-2024-3094 affect Ubuntu? ›
The affected version of xz-utils was only in noble-proposed, and was removed before migrating to noble itself. No released versions of Ubuntu were affected by this issue.
Which OpenSSH version is not vulnerable? ›OpenSSH 4.4 and newer is not vulnerable to the SSH protocol 1 denial of service attack described in the OpenSSH 4.4 release notes.
What is the vulnerability of OpenSSH 9.2 p1? ›CVE-2023-25136, a pre-authentication double-free vulnerability, has been fixed in OpenSSH version 9.2p1. The vulnerability is highly severe, with a CVSS score of 9.8, and could be used to cause a denial-of-service (DoS) or remote code execution (RCE).
What is CVE-2024-3094 impacted OS? ›And, as of this writing, CVE-2024-3094 is only confirmed to impact Fedora Rawhide, Fedora Linux 40, Debian (testing, unstable, and experimental distributions, versions ranging from 5.5. 1alpha-0.1 up to and including 5.6. 1-1), Arch Linux, Kali Linux, openSUSE Tumbleweed, and openSUSE MicroOS.
Who is vulnerable to a xz backdoor? ›According to Brjann Brekkan of Microsoft, multiple Linux distributions, including Fedora, Debian, openSUSE, and Kali Linux, have been impacted by a backdoor discovered in the XZ Utils library.
Who is affected by the XZ backdoor? ›While XZ Utils is available on most Linux distributions and other Unix-like operating systems (OSes), only certain Linux distributions are impacted by the xz backdoor vulnerability: Fedora 41 and Fedora Rawhide. Alpine Linux. Arch Linux (installation medium 2024.03.
Why SSH is not recommended? ›It's not that SSH isn't secure, but that a hacker could hack your computer, and then get access to the company's network, and they would have no way of knowing the difference.
Is there a difference between OpenSSH and SSH? ›OpenSSH is the open-source version of the Secure Shell (SSH) tools used by administrators of Linux and other non-Windows for cross-platform management of remote systems.
Is SSH a security risk? ›Attackers can hijack a user's SSH session by exploiting the trusted communication established between multiple systems. This is done by hijacking or gaining unauthorized access to the user's socket. That is why it is better to avoid default configurations, as those compromise the privileged user access.
What is OpenSSH used for? ›OpenSSH (also known as OpenBSD Secure Shell) is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client–server architecture.
What is OpenSSH vulnerability? ›
A vulnerability was identified in OpenSSH. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system. Note: Exploitation requires the presence of specific libraries on the victim system.
What attacks is SSH vulnerable to? ›Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. The Terrapin attack targets the SSH protocol, affecting both clients and servers, and was developed by academic researchers from Ruhr University Bochum in Germany.
What is the CVE vulnerability of Chrome? ›Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine.
What versions are vulnerable to SMBGhost? ›The SMBGhost vulnerability affects the compression feature of SMBv3 (version 3.1. 1) and exposes systems that run Windows 10 (1903 and 1909) and Windows Server (1903, 1909). Older versions of the Windows OS, such as Windows 7 and 8, carry no risk of this vulnerability as they don't support SMBv3 compression.
What is CVE in OS? ›CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws.
What Linux distros are affected by CVE-2024-3094? ›Which Linux distributions are vulnerable to CVE-2024-3094?
| Linux Distribution Name | Distribution version |
|---|---|
| Kali Linux | Kali linux machines updated between March 26-30, 2024 |
| Alpine | Edge (active development) Also, potentially, any released version of Alpine using Edge packages |
| Arch Linux | Any version with xz 5.6.0-1 or 5.6.1-1. |
Mar 30, 2024
You've got an Ubuntu system, and your years of working with Windows makes you concerned about viruses -- that's fine. There is no virus by definition in almost any known and updated Unix-like operating system, but you can always get infected by various malware like worms, trojans, etc.
Can Windows virus affect Ubuntu? ›A virus is a computer program. Windows viruses do not affect Linux for the same reason that Microsoft Excel doesn't run on Linux: Linux does not run Windows programs.
Is Ubuntu affected by the backdoor? ›Is Ubuntu LTS affected by the XZ backdoor? LTS and currently stable releases of Ubuntu do not have versions of xz that are affected by this, so existing Ubuntu releases are unaffected. The impacted xz versions were only in noble-proposed which impacts only the in-development release.