Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-3094 PoC — Xz: malicious code in distributed source

Source
https://github.com/crfearnworks/ansible-CVE-2024-3094
Associated Vulnerability
Title:Xz: malicious code in distributed source (CVE-2024-3094)
Description:Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
Description
Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor)
Readme
# ansible-CVE-2024-3094
Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor). These were developed with guidance from https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-know/.

## Background
Running the checks to see if your Linux system is vulnerable is simple if it's only one or two systems, but what if you have a fleet of systems to manage? This is my humble attempt to make the automation of this process a little easier.

This has been tested on Ubuntu 22.04.

## Instructions

### Preflight
1) Clone the repo to your Ansible control node.
2) Prepare your hosts file in either INI or YML format.
3) Run the `preflight.sh` file to ensure you have the latest version from JFrog

### CVE-2024-3094 Check
1) Run the playbook with the following command:

`ansible-playbook -i <insert_hosts_file_here> CVE-2024-3094-check.yml`

### CVE-2024-3094 Fix
1) If needed, run the playbook with the following command:

`ansible-playbook -i <insert_hosts_file_here> CVE-2024-3094-fix.yml`

2) For further peace of mind, rerun the Check playbook.

### Results
Each playbook will produce text files in a `results` directory for each host.
File Snapshot

 [4.0K]  /data/pocs/35bb465c1d255d51b1ebe445d5792ec223bc7c22
├── [2.2K]  CVE-2024-3094-check.yml
├── [ 827]  CVE-2024-3094-fix.yml
├── [4.0K]  cve-2024-3094-tools
├── [ 125]  hosts.ini.template
├── [ 189]  hosts.yml.template
├── [1.0K]  LICENSE
├── [ 712]  playbook.yml.template
├── [ 409]  preflight.sh
└── [1.1K]  README.md

1 directory, 8 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →