Security Onion Blog

Tuesday, April 2, 2024

Security Onion and the xz Vulnerability

Recently, a vulnerability was reported in the xz library:

https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094

https://www.cve.org/CVERecord?id=CVE-2024-3094

https://nvd.nist.gov/vuln/detail/CVE-2024-3094

https://www.openwall.com/lists/oss-security/2024/03/29/4

https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users


Security Onion is NOT affected by this vulnerability.


Searching for xz Vulnerability across non-Security Onion Devices


If you have Security Onion deployed in your enterprise with Elastic Agent deployed to your endpoints, you can use Osquery Manager to search for vulnerable xz packages as shown in these Github gists by James Spiteri.


Linux:

https://gist.github.com/jamesspi/ee8319f55d49b4f44345c626f80c430f


macOS:

https://gist.github.com/jamesspi/5cb060b5e0e2d43222a71c876b56daab


For example, here's the Linux query run across several Linux endpoints (hostnames excluded from the screenshot):



at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Security Onion 2.4.111 now available!

In October, we released version 2.4.110: https://blog.securityonion.net/2024/10/security-onion-24110-hurricane-helene.html Last week, Surica...

Popular Posts

  • Community Webinars featuring Security Onion
    Thanks to all who attended the Zeek webinar on May 27! For those weren't able to join, the recording should be available soon and we wi...
  • Security Onion 2.4 Base OS
    Introduction Recent events have forced us to change course on the base operating system (OS) for Security Onion 2.4.  On 6/21/2023, Red Hat ...
  • Security Advisory for Squert
    Introduction Jeffrey Medsger reported several command injection and SQL injection vulnerabilities in Squert.  Wes Lambert also discovered s...

Blog Archive