
Re: xz backdoor



There's also a very thorough exploration at https://github.com/amlweems/xzbot

Including, very interestingly, a discussion of format(s) of the
payload(s), and a mechanism to replace the backdoor key to play with
executing commands against a popped sshd, as well as some code to go
along with it.

  paultag

On Fri, Apr 5, 2024 at 2:19 PM Daniel Leidert <dleidert@debian.org> wrote:
>
> On Friday, 29.03.2024 at 23:20 +0100, Moritz Mühlenhoff wrote:
> > Russ Allbery <rra@debian.org> wrote:
> > > I think this question can only be answered with reverse-engineering of the
> > > backdoors, and I personally don't have the skills to do that.
> >
> > In the pre-disclosure discussion permission was asked to share the payload
> > with a company specialising in such reverse engineering. If that went
> > through, I'd expect results to be publicly available in the next days.
>
> If there is a final result, can we as a project share the results in a
> prominent place? Or at least under d-devel-announce and/or d-security-
> announce? I was also wondering about what could have been compromised,
> what data might have been stolen, etc. And there are so many sources to
> follow right now. So sharing the final results would be great.
>
> Regards, Daniel



-- 
:wq

