by FergusArgyll
815 days ago
I'll bite. I'll prob get a bunch wrong, but you'll learn from the people who correct me... xz is a very commonly used compression tool (think zipped files etc.), so it's used everywhere. Someone(s?) managed to slowly work their way into the project and inserted a backdoor. SSH is the main way to connect from your terminal to a server; the most common way to connect is not via username/password but public/private key (Google RSA). What this backdoor does is add a step to the SSH login process. Instead of 1) check whether correct key was sent, 2) if yes give access, if no say 'incorrect', it adds one step: 1.5) if key is {special evil key} then run all commands that owner of the special evil key says to run. Since the SSH service (program, whatever) runs as root (that's like admin on Linux), the attacker with the special key can do basically anything. Worth noting: the bug technically has nothing to do with the compression program, it was sneaked in using it.