[kwlug-disc] Fw: Backdoor found in widely used Linux utility
Khalid Baheyeldin
kb at 2bits.com
Sat Mar 30 10:36:42 EDT 2024
Here is a quick way to find out if your system has the exploit or not.
This is based on the script in the link I posted earlier, but it will
not work if copy/pasted.
if hexdump -ve '1/1 "%.2x"' /lib/x86_64-linux-gnu/liblzma.so.5 |
grep -q f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410
then
echo "Probably vulnerable"
else
echo "Likely not vulnerable"
fi
If you get a file not found error, then replace the path
"/lib/x86_64-linux-gnu/liblzma.so.5"
with where your liblzma.so library is.
More information about the kwlug-disc
mailing list