Red Hat, Debian Linux distributions narrowly avoid shipping critical SSH backdoor

Reading time icon 2 min. read

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

linux hack

A sophisticated backdoor designed to undermine SSH authentication has been discovered in the widely-used xz Utils compression library. Security researchers averted a potential supply chain disaster when the malicious code was found in beta releases of Fedora Rawhide and Debian’s testing and experimental branches.

A recently discovered backdoor in the xz Utils compression tool (versions 5.6.0 and 5.6.1) could have had devastating consequences for Linux distributions. Mainstream production releases from Red Hat and Debian were unaffected, but beta versions were vulnerable. A stable Arch Linux release was also impacted, though it’s less common in production environments.

This timely discovery of the backdoor prevented widespread damage, pointing to potential catastrophe had its presence gone undetected.

The backdoor, introduced by a long-trusted xz Utils developer, is particularly insidious. It compromises the secure authentication process used by SSH, a critical tool for remote system access across Linux environments.

Upon connection, the malware intercepts critical code, allowing attackers to bypass authentication and gain unauthorized root access to a targeted system.

Further Developments

  • macOS Impact: The compromised 5.6.1 version of xz Utils affected multiple apps in the Homebrew package manager. Homebrew has since downgraded to version 5.4.6.
  • Ongoing Questions: Further investigation is needed to determine the full extent of the backdoor’s capabilities and whether older xz Utils versions have been compromised.

Urgent Action Recommended

  • Check Your Distribution: Immediately verify if your Linux distribution utilizes the affected xz Utils versions. Contact your distributor for official guidance.
  • Detection and Mitigation: Detection scripts are available to help identify vulnerable systems. Follow your distribution’s instructions for patching as soon as possible.

This incident underscores the severity of software supply chain vulnerabilities and the importance of constant vigilance within the open-source community.