{"id":6373,"date":"2024-04-03T23:26:18","date_gmt":"2024-04-03T21:26:18","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=6373"},"modified":"2024-04-07T14:46:28","modified_gmt":"2024-04-07T12:46:28","slug":"backdoor-pronadjen-u-xz-utils-za-linux","status":"publish","type":"post","link":"http:\/\/sajberinfo.com\/en\/2024\/04\/03\/backdoor-pronadjen-u-xz-utils-za-linux\/",
"title":{"rendered":"Backdoor found in XZ Utils for Linux"},
"content":{"rendered":"<p><span style=\"font-size: 14pt;\">A <em>backdoor<\/em> has been found in <em>XZ Utils<\/em> for <em>Linux<\/em>, according to an <a href=\"https:\/\/www.redhat.com\/en\/blog\/urgent-security-alert-fedora-41-and-rawhide-users\" target=\"_blank\" rel=\"noopener\">announcement by <em>Red Hat<\/em><\/a>. It concerns two versions of the popular data compression library <em>XZ Utils<\/em> (formerly known as <em>LZMA Utils<\/em>) into which malicious code designed to enable unauthorized remote access had been inserted. The vulnerability is tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-3094\" target=\"_blank\" rel=\"noopener\"><em>CVE-2024-3094<\/em><\/a> with the maximum <em>CVSS<\/em> score of 10.<\/span><\/p>\n<div id=\"attachment_6376\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-6376\" class=\"size-full wp-image-6376\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/04\/XZ-UTILS.jpg\" alt=\"XZ UTILS\" width=\"1024\" height=\"1024\" \/><p id=\"caption-attachment-6376\" class=\"wp-caption-text\"><em>Backdoor found in XZ Utils for Linux; Source: Bing Image Creator<\/em><\/p><\/div>\n<h2><span class=\"ez-toc-section\" id=\"XZ_UTILS_ZLOUPOTREBA\"><\/span><span style=\"font-size: 14pt;\"><strong>ABUSE OF <em>XZ UTILS<\/em><\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">On 23 February 2024 a <a href=\"https:\/\/sajberinfo.com\/en\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"noopener\">malicious actor<\/a> was able to insert code into the <em>XZ Utils<\/em> utility on the <em>GitHub<\/em> platform that altered its build process. The modified build process then pulled a malicious file into the compilation of the <em>liblzma<\/em> library. The primary target of this attack is <em>Linux<\/em> distributions that use the <em>Secure Shell Daemon<\/em> (the <em>SSH<\/em> <em>daemon<\/em>, or <em>SSHD<\/em>), which means a very large number of users would be affected.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Once <em>SSHD<\/em> loads the malicious library, the authentication flow is hijacked during <em>RSA<\/em> key verification. With control over the authentication flow, the library can grant access based on criteria set by the attacker, most likely the attacker's own <em>RSA<\/em> keys or some other secret known only to the attacker. In this scenario, neither <a href=\"https:\/\/sajberinfo.com\/en\/2019\/02\/24\/lozinka-password-sifra\/\" target=\"_blank\" rel=\"noopener\">password<\/a>-based authentication nor public-key authentication (<em>public key infrastructure, PKI<\/em>) would be effective at that point.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"KOMPROMITOVANJE\"><\/span><span style=\"font-size: 14pt;\"><strong>COMPROMISE<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">An intriguing aspect of this threat is the method used for the compromise. The malicious actors added obfuscated <em>.m4<\/em> files to the <em>XZ<\/em> release archives, disguised to hide their true purpose. This raises an obvious question about the security practices around the <em>XZ<\/em> project: how did an active contributor to the project add these files without being detected?<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">In any case, the consequences are far-reaching, because the modified <em>liblzma<\/em> compression library affects <em>Linux<\/em> distributions that ship <em>libsystemd<\/em>, which depends on <em>liblzma<\/em>. That essentially means that <em>SSH<\/em> services on <em>Linux<\/em> distributions using this library could be exposed to unauthorized access. The mere possibility of <em>SSH<\/em> compromise is causing serious concern among security researchers and security teams, because <em>SSH<\/em> is the basic tool used for remote access to and management of systems.<\/span><\/p>\n<blockquote><p><span style=\"font-size: 14pt;\"><em>\u201cThe backdoor attempt was very serious, with a very high level of knowledge, research, development and expertise to reach this far into the Linux ecosystem. In addition, the changes made by the malicious actor on GitHub span multiple years and include things such as introducing functions that are not compatible with OSS Fuzzer because of small issues open since 2015, and then asking OSS Fuzzer to exclude XZ Utils from scanning last year. The backdoor itself is superbly put together and even includes the ability to deactivate it remotely and remove the backdoor via a kill command. For several days, despite the global focus, I did not see anyone who had finished reverse engineering it.\u201d<\/em><\/span><\/p>\n<p style=\"text-align: right;\"><span style=\"font-size: 14pt;\"><em>&#8211; <\/em><a href=\"https:\/\/doublepulsar.com\/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd\" target=\"_blank\" rel=\"noopener\"><em>Kevin Beaumont, researcher<\/em><\/a><em> &#8211;<\/em><\/span><\/p>\n<\/blockquote>\n<p><span style=\"font-size: 14pt;\">The affected versions are <em>5.6.0<\/em> and <em>5.6.1<\/em> of the <em>XZ<\/em> compression tools and of the core compression library <em>liblzma<\/em> they link against.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kompromitovane_distribucije\"><\/span><span style=\"font-size: 14pt;\"><strong>Compromised distributions<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">The attack affected the following distributions:<\/span><\/p>\n<table width=\"0\">\n<tbody>\n<tr>\n<td width=\"90\"><span style=\"font-size: 14pt;\">Distribution<\/span><\/td>\n<td width=\"148\"><span style=\"font-size: 14pt;\">Affected release<\/span><\/td>\n<td width=\"140\"><span style=\"font-size: 14pt;\">Affected package versions<\/span><\/td>\n<td width=\"144\"><span style=\"font-size: 14pt;\">Mitigation<\/span><\/td>\n<td width=\"121\"><span style=\"font-size: 14pt;\">Note<\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"90\"><span style=\"font-size: 14pt;\"><a href=\"https:\/\/fedoramagazine.org\/cve-2024-3094-security-alert-f40-rawhide\/\" target=\"_blank\" rel=\"noopener\"><em>Fedora<\/em><\/a><\/span><\/td>\n<td width=\"148\"><span style=\"font-size: 14pt;\"><em>40, 41, Rawhide<\/em> (active development)<\/span><\/td>\n<td width=\"140\"><p><span style=\"font-size: 14pt;\"><em>xz-5.6.0-*<\/em><\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>xz-5.6.1-*<\/em><\/span><\/p><\/td>\n<td width=\"144\"><p><span style=\"font-size: 14pt;\"><em>Fedora 40<\/em>: update to the latest version (<em>5.4.x<\/em>).<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>Fedora 41<\/em> <em>&amp;<\/em> <em>Rawhide<\/em>: stop using immediately.<\/span><\/p><\/td>\n<td width=\"121\"><\/td>\n<\/tr>\n<tr>\n<td width=\"90\"><span style=\"font-size: 14pt;\"><a href=\"https:\/\/lists.debian.org\/debian-security-announce\/2024\/msg00057.html\" target=\"_blank\" rel=\"noopener\"><em>Debian<\/em><\/a><\/span><\/td>\n<td width=\"148\"><span style=\"font-size: 14pt;\">testing, unstable (sid), experimental<\/span><\/td>\n<td width=\"140\"><p><span style=\"font-size: 14pt;\"><em>xz-utils 5.5.1alpha-0.1<\/em><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">(uploaded <em>2024-02-01<\/em>), up to and including <em>5.6.1-1<\/em><\/span><\/p><\/td>\n<td width=\"144\"><span style=\"font-size: 14pt;\">Update to the latest version (<em>5.6.1+really5.4.5-1<\/em>)<\/span><\/td>\n<td width=\"121\"><span style=\"font-size: 14pt;\">No stable release is affected.<\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"90\"><span style=\"font-size: 14pt;\"><a href=\"https:\/\/security.alpinelinux.org\/vuln\/CVE-2024-3094\" target=\"_blank\" rel=\"noopener\"><em>Alpine<\/em><\/a><\/span><\/td>\n<td width=\"148\"><span style=\"font-size: 14pt;\"><em>Edge<\/em> (active development)<\/span><\/td>\n<td width=\"140\"><span style=\"font-size: 14pt;\"><em>xz 5.6.1-r0, 5.6.1-r1<\/em><\/span><\/td>\n<td width=\"144\"><span style=\"font-size: 14pt;\">Update to the latest version (<em>5.6.1-r2<\/em>)<\/span><\/td>\n<td width=\"121\"><span style=\"font-size: 14pt;\">No stable release is affected.<\/span><\/td>\n<\/tr>\n<tr>\n<td width=\"90\"><span style=\"font-size: 14pt;\"><a href=\"https:\/\/www.kali.org\/blog\/about-the-xz-backdoor\/\" target=\"_blank\" rel=\"noopener\"><em>Kali<\/em><\/a><\/span><\/td>\n<td width=\"148\"><span style=\"font-size: 14pt;\">Not available.<\/span><\/td>\n<td width=\"140\"><p><span style=\"font-size: 14pt;\"><em>xz-utils 5.6.0-0.2<\/em><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">(<em>Kali<\/em> installations updated between 26 and 29 March)<\/span><\/p><\/td>\n<td width=\"144\"><span style=\"font-size: 14pt;\">Update to the latest version (<em>5.6.1+really5.4.5-1<\/em>)<\/span><\/td>\n<td width=\"121\"><\/td>\n<\/tr>\n<tr>\n<td width=\"90\"><span style=\"font-size: 14pt;\"><a href=\"https:\/\/news.opensuse.org\/2024\/03\/29\/xz-backdoor\/\" target=\"_blank\" rel=\"noopener\"><em>OpenSUSE<\/em><\/a><\/span><\/td>\n<td width=\"148\"><span style=\"font-size: 14pt;\"><em>Tumbleweed<\/em><\/span><\/td>\n<td width=\"140\"><span style=\"font-size: 14pt;\"><em>xz-5.6.0, xz-5.6.1<\/em><\/span><\/td>\n<td width=\"144\"><span style=\"font-size: 14pt;\">Update to the latest version (<em>5.6.1.revertto5.4<\/em>)<\/span><\/td>\n<td width=\"121\"><\/td>\n<\/tr>\n<tr>\n<td width=\"90\"><span style=\"font-size: 14pt;\"><a href=\"https:\/\/archlinux.org\/news\/the-xz-package-has-been-backdoored\/\" target=\"_blank\" rel=\"noopener\"><em>Arch Linux<\/em><\/a><\/span><\/td>\n<td width=\"148\"><span style=\"font-size: 14pt;\">Not available.<\/span><\/td>\n<td width=\"140\"><span style=\"font-size: 14pt;\"><em>xz 5.6.0-1<\/em><\/span><\/td>\n<td width=\"144\"><span style=\"font-size: 14pt;\">Update to the latest version (<em>5.6.1-2<\/em>)<\/span><\/td>\n<td width=\"121\"><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-size: 14pt;\">The following distributions were not affected:<\/span><\/p>\n<table width=\"0\">\n<tbody>\n<tr>\n<td style=\"width: 103px;\"><span style=\"font-size: 14pt;\">Distribution<\/span><\/td>\n<td style=\"width: 80px;\"><span style=\"font-size: 14pt;\">Affected release<\/span><\/td>\n<td style=\"width: 86px;\"><span style=\"font-size: 14pt;\">Affected package versions<\/span><\/td>\n<td style=\"width: 118px;\"><span style=\"font-size: 14pt;\">Mitigation<\/span><\/td>\n<td style=\"width: 255px;\"><span style=\"font-size: 14pt;\">Note<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 103px;\"><span style=\"font-size: 14pt;\"><a href=\"https:\/\/www.redhat.com\/en\/blog\/urgent-security-alert-fedora-41-and-rawhide-users\" target=\"_blank\" rel=\"noopener\">Red Hat Enterprise Linux<\/a><\/span><\/td>\n<td style=\"width: 80px;\"><span style=\"font-size: 14pt;\">Not available.<\/span><\/td>\n<td style=\"width: 86px;\"><span style=\"font-size: 14pt;\">Not available.<\/span><\/td>\n<td style=\"width: 118px;\"><span style=\"font-size: 14pt;\">Not available.<\/span><\/td>\n<td style=\"width: 255px;\"><span style=\"font-size: 14pt;\">No version of <em>Red Hat Enterprise Linux<\/em> (<em>RHEL<\/em>) is affected.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 103px;\"><span style=\"font-size: 14pt;\"><a href=\"https:\/\/ubuntu.com\/security\/CVE-2024-3094\" target=\"_blank\" rel=\"noopener\">Ubuntu<\/a><\/span><\/td>\n<td style=\"width: 80px;\"><span style=\"font-size: 14pt;\">Not available.<\/span><\/td>\n<td style=\"width: 86px;\"><span style=\"font-size: 14pt;\">Not available.<\/span><\/td>\n<td style=\"width: 118px;\"><span style=\"font-size: 14pt;\">Not available.<\/span><\/td>\n<td style=\"width: 255px;\"><span style=\"font-size: 14pt;\">The affected <em>xz-utils<\/em> version was only in the proposed <em>noble<\/em> release and was removed before the final <em>noble<\/em> release.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 103px;\"><span style=\"font-size: 14pt;\"><a href=\"https:\/\/aws.amazon.com\/security\/security-bulletins\/AWS-2024-002\/\" target=\"_blank\" rel=\"noopener\">Amazon Linux<\/a><\/span><\/td>\n<td style=\"width: 80px;\"><span style=\"font-size: 14pt;\">Not available.<\/span><\/td>\n<td style=\"width: 86px;\"><span style=\"font-size: 14pt;\">Not available.<\/span><\/td>\n<td style=\"width: 118px;\"><span style=\"font-size: 14pt;\">Not available.<\/span><\/td>\n<td style=\"width: 255px;\"><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 103px;\"><span style=\"font-size: 14pt;\"><a href=\"https:\/\/www.chainguard.dev\/unchained\/chainguards-response-to-cve-2024-3094-aka-the-backdoor-in-xz-library\" target=\"_blank\" rel=\"noopener\">Wolfi<\/a><\/span><\/td>\n<td style=\"width: 80px;\"><span style=\"font-size: 14pt;\">Not available.<\/span><\/td>\n<td style=\"width: 86px;\"><span style=\"font-size: 14pt;\">Not available.<\/span><\/td>\n<td style=\"width: 118px;\"><span style=\"font-size: 14pt;\">Not available.<\/span><\/td>\n<td style=\"width: 255px;\"><span style=\"font-size: 14pt;\">The affected <em>liblzma<\/em> version was briefly available (now removed), but <em>Wolfi<\/em>'s <em>OpenSSH<\/em> does not link against <em>liblzma<\/em>, so there is no impact.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 103px;\"><span style=\"font-size: 14pt;\"><a href=\"https:\/\/security.gentoo.org\/glsa\/202403-04\" target=\"_blank\" rel=\"noopener\">Gentoo<\/a><\/span><\/td>\n<td style=\"width: 80px;\"><span style=\"font-size: 14pt;\">Not available.<\/span><\/td>\n<td style=\"width: 86px;\"><span style=\"font-size: 14pt;\"><em>xz-utils 5.6.0, xz-utils 5.6.1<\/em><\/span><\/td>\n<td style=\"width: 118px;\"><span style=\"font-size: 14pt;\">Update to the latest version (reverts to <em>5.4.2<\/em>)<\/span><\/td>\n<td style=\"width: 255px;\"><span style=\"font-size: 14pt;\">Although <em>Gentoo<\/em> pulled the vulnerable version, it is not affected because its OpenSSH does not use <em>systemd-notify<\/em>, which is a prerequisite for the <em>backdoor<\/em>.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><span class=\"ez-toc-section\" id=\"OTKRICE\"><\/span><span style=\"font-size: 14pt;\"><strong>DISCOVERY<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">Credit for discovering the <a href=\"https:\/\/sajberinfo.com\/en\/2023\/04\/11\/backdoor\/\" target=\"_blank\" rel=\"noopener\"><em>backdoor<\/em><\/a> goes to <em>Andres Freund<\/em>, a <em>Microsoft<\/em> developer who noticed some odd symptoms around <em>liblzma<\/em> (part of the <em>XZ<\/em> package) on the <em>Debian<\/em> operating system. When he tried to log in over the <em>SSH<\/em> protocol, he noticed an unusual rise in processor load, and logging in took longer than usual. He then investigated the cause and discovered that both the <em>XZ<\/em> repository and the <em>XZ<\/em> release archive contained a <em>backdoor<\/em>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">He initially suspected that the <em>Debian<\/em> package had been compromised, but discovered that the <em>backdoor<\/em> was located in the package used for packaging and delivery to users.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZAKLJUCAK\"><\/span><span style=\"font-size: 14pt;\"><strong>CONCLUSION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">This supply chain attack is a major blow to the open-source software community, since <em>XZ Utils<\/em> was considered a trusted project. The attacker built a credible reputation as a developer in the open-source community over several years and used heavily obfuscated code to evade detection by code review.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Concern is now growing over the two-year involvement of an active contributor in the <em>XZ<\/em> project, which raises questions about insider threats and about trust in contributors to open-source projects. All of this only underlines the need for strong vetting processes and continuous monitoring of open-source projects, especially those that are widely used.<\/span><\/p>\n<blockquote><p><span style=\"font-size: 14pt;\"><em>\u201cBecause the backdoor was discovered before the malicious versions of XZ Utils were added to production releases of Linux distributions, it does not actually affect anyone in the real world. But that is only because it was discovered early thanks to the sloppiness of the malicious actor. Had it not been discovered, it would have been catastrophic for the world.\u201d<\/em><\/span><\/p>\n<p style=\"text-align: right;\"><span style=\"font-size: 14pt;\"><em>&#8211; <\/em><a href=\"https:\/\/arstechnica.com\/security\/2024\/03\/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections\/\" target=\"_blank\" rel=\"noopener\"><em>Will Dormann, senior vulnerability analyst; Analygence<\/em><\/a><em> &#8211;<\/em><\/span><\/p>\n<\/blockquote>\n<p><span style=\"font-size: 14pt;\">This attack very nearly became yet another example of the risk of relying on volunteer work to support some of the most important digital infrastructure in the world. But this case also shows the advantages of that approach. Supply chain attacks are not unique to the open-source world, and the general shape of the attack (getting the job of building an under-scrutinized component of critical infrastructure, then slowly and carefully working a hidden weakness into it) is something that can happen, and does happen, in ordinary businesses as well.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">What does not happen there is the possibility of examining the software piece by piece and finding the exact moment at which the malicious <em>backdoor<\/em> was introduced. If a supply chain attack succeeds against closed-source software at companies such as <em>Apple, Google<\/em> or <em>Microsoft,<\/em> it is very hard for third parties even to detect that it exists at all, and fixing it is practically impossible.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZASTITA\"><\/span><span style=\"font-size: 14pt;\"><strong>PROTECTION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">Users are advised to immediately roll their <em>xz<\/em> version back to an older one (<em>5.4.6<\/em> is the latest unaffected version on most distributions). After downgrading, either reboot the machine or restart the <em>OpenSSH<\/em> server so that the backdoored code is removed from memory:<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>sudo systemctl restart ssh<\/em><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">If updating the package is not possible, another possible workaround is to take advantage of the <em>backdoor<\/em>'s <a href=\"https:\/\/gist.github.com\/sgammon\/ec604c3fabd1a22dd3cdc381b736b03e\" target=\"_blank\" rel=\"noopener\">\u201ekill switch\u201c<\/a>. Adding the following line to <em>\/etc\/environment<\/em> disables the malicious <em>backdoor<\/em> functionality (it takes effect after <em>SSH<\/em> and <em>systemd<\/em> are restarted):<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>yolAbejyiejuvnup=Evjtgvsh5okmkAvj<\/em><\/span><\/p>","protected":false},
"excerpt":{"rendered":"<p>A backdoor has been found in XZ Utils for Linux, according to an announcement by Red Hat. It concerns two versions of the popular data compression library XZ Utils (formerly known as LZMA Utils) into which&#46;&#46;&#46;<\/p>","protected":false},
"author":1,"featured_media":6376,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[142,947,946,141,942,943,944,945,941],
"class_list":["post-6373","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-backdoor","tag-liblzma","tag-libsystemd","tag-linux","tag-lzma-utils","tag-secure-shell-daemon","tag-ssh-daemon","tag-sshd","tag-xz-utils"],
"_links":{"self":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/6373","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=6373"}],"version-history":[{"count":0,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/6373\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/6376"}],"wp:attachment":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=6373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=6373"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=6373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}