Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
keiba
on March 31, 2024
|
parent
|
context
|
favorite
| on:
XZ backdoor: "It's RCE, not auth bypass, and gated...
This backdoor does not care about any of the authorisation configuration set by the user.
It is executed before that step. So just make sure you are not affected.
rany_
on March 31, 2024
[–]
It was just that it hooks to `RSA_public_decrypt` which threw me off, I didn't really understand this backdoor much. I only have one Debian sid machine which was vulnerable and accessible via a public IPv4 ssh, I'm not sure if I should just wipe it.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
It is executed before that step. So just make sure you are not affected.