Protect Your Linux System: Free CVE-2024-3094 Scanner

Binarly, a company specializing in software security, has developed a complimentary online scanner for identifying Linux files vulnerable to a supply chain attack targeting the XZ Utils utilities, designated as CVE-2024-3094.

CVE-2024-3094 constitutes a supply chain compromise within XZ Utils—a suite of tools and libraries for data compression utilized across numerous primary Linux distributions.

The discovery of malicious code in the latest version of the XZ Utils package was made by Microsoft engineer Andres Freund during an investigation into SSH login delays in Debian Sid.

CVE-2024-3094 scanner

The malicious code was inserted by an anonymous member of the developer community in version XZ 5.6.0 and remained in 5.6.1. However, most Linux distributions were utilizing an earlier, secure version of the library. Disseminating the infection to all current distributions would have required considerable time, but fortunately, the backdoor was identified relatively swiftly.

In response to the backdoor’s discovery, the American agency CISA recommended all affected software providers revert XZ Utils in their builds to version 5.4.6 Stable and to inform potential victims of any malicious activity they detect.

Binarly points out that previous threat mitigation methods, based on simple checks such as byte-string matching, file hash blocking, and YARA rules, could lead to false positives. The scanner designed by the company aims to detect such backdoors in any files, utilizing static analysis of binary files to identify substitution of transitions in GNU Indirect Function (IFUNC).

The uniqueness of the malicious code lies in altering IFUNC calls to intercept execution, enabling the insertion of malicious code. This mechanism is employed by the discovered backdoor for initial control over code execution.

Binarly’s scanner enhances detection efficiency as it scans various points in the supply chain, not limited to the XZ Utils project alone, and provides results with much greater accuracy.

The online scanner is now available on the website xz.fail. It allows users to upload their binary files for free checks without restrictions. Furthermore, Binarly has provided a complimentary API for mass checks for those in need, simplifying the process of detection and protection against supply chain attacks.