Skip to content

Quick and dirty PoC for checking whether a vulnerable version of xz-utils is installed (CVE-2024-3094)

Notifications You must be signed in to change notification settings

FabioBaroni/CVE-2024-3094-checker

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 

Repository files navigation

CVE-2024-3094 checker

xz Utils versions 5.6.0 and 5.6.1 appear to be compromised.

XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow unauthorized access to affected systems.

Sources:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3094

https://access.redhat.com/security/cve/CVE-2024-3094

https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

https://www.openwall.com/lists/oss-security/2024/03/29/4

CISA recommends developers and users to downgrade XZ Utils to an uncompromised version such as XZ Utils 5.4.6 Stable.

You can use this script to quickly check whether your Linux system contains a vulnerable version of XZ Utils, uninstall it and eventually attempt installing a safe version automatically.

Usage:

wget https://raw.githubusercontent.com/FabioBaroni/CVE-2024-3094-checker/main/CVE-2024-3094-checker.sh
chmod +x CVE-2024-3094-checker.sh
./CVE-2024-3094-checker.sh

Disclaimer:

This shell script is provided as-is and without warranty of any kind, express or implied. By executing this script, you acknowledge that you do so at your own risk. The author(s) of this script shall not be liable for any damages or issues that may arise from its use, including but not limited to data loss, system instability, or any other unintended consequences. It is recommended to review the script and understand its functionality before running it, and to ensure that appropriate backups are in place. Use of this script implies your acceptance of these terms.

About

Quick and dirty PoC for checking whether a vulnerable version of xz-utils is installed (CVE-2024-3094)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages