Firmware security firm Binarly has recently released a free online scanner designed to detect Linux executables affected by the XZ Utils supply chain attack CVE-2024-3094. XZ Utils is a popular data compression tool utilized in numerous major Linux distributions.
The backdoor was initially discovered in XZ Utils version 5.6.0 by Microsoft engineer Andres Freund. Only a few Linux distributions were impacted, since most of them ship earlier versions of the library that are considered safe.
The Cybersecurity and Infrastructure Security Agency (CISA) has recommended downgrading XZ Utils to version 5.4.6 Stable and has advised conducting thorough investigations for any potential malicious activity.
In response to this security threat, Binarly has developed a dedicated scanner that targets the backdoor in XZ Utils and similar projects. The scanner uses static analysis of binaries to detect tampering with GNU Indirect Function (IFUNC) transitions. It can also identify supply chain compromises beyond the XZ Utils project.
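To make the IFUNC mechanism the scanner inspects concrete, the Python below is an added example (written here, not Binarly's scanner and not part of the XZ Utils project). It parses an ELF64 dynamic symbol table, lists the symbols of type STT_GNU_IFUNC (functions whose implementation is chosen at load time by a resolver routine), and diffs that inventory against a baseline from a known-good build. The sample ELF is constructed inside the script and its symbol names are placeholders; the baseline set is an assumption you would replace with one taken from a trusted build. This only inventories IFUNC symbols; it does not analyze the resolver code itself, which is what the page describes Binarly's scanner doing.

```python
import struct
import sys
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# ELF64 constants (little-endian only, which covers x86-64 and aarch64 Linux builds)
ELF_MAGIC = b"\x7fELF"
ELFCLASS64, ELFDATA2LSB = 2, 1
SHT_SYMTAB, SHT_STRTAB, SHT_DYNSYM = 2, 3, 11
STT_FUNC, STT_GNU_IFUNC = 2, 10

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, 64 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")         # Elf64_Shdr, 64 bytes
SYM = struct.Struct("<IBBHQQ")              # Elf64_Sym, 24 bytes


@dataclass
class Symbol:
    name: str
    sym_type: int
    value: int
    size: int


def _cstr(table: bytes, off: int) -> str:
    """Read a NUL-terminated name from a string table."""
    return table[off:table.index(b"\0", off)].decode("ascii", "replace")


def parse_symbols(elf: bytes) -> List[Symbol]:
    """Walk every SYMTAB/DYNSYM section and return its symbols."""
    if elf[:4] != ELF_MAGIC or elf[4] != ELFCLASS64 or elf[5] != ELFDATA2LSB:
        raise ValueError("only little-endian ELF64 is handled here")
    fields = EHDR.unpack_from(elf, 0)
    shoff, shentsize, shnum = fields[6], fields[11], fields[12]
    shdrs = [SHDR.unpack_from(elf, shoff + i * shentsize) for i in range(shnum)]
    symbols: List[Symbol] = []
    for sh in shdrs:
        sh_type, sh_offset, sh_size, sh_link, sh_entsize = sh[1], sh[4], sh[5], sh[6], sh[9]
        if sh_type not in (SHT_SYMTAB, SHT_DYNSYM):
            continue
        strtab = shdrs[sh_link]                       # sh_link points at the matching string table
        strings = elf[strtab[4]:strtab[4] + strtab[5]]
        entsize = sh_entsize or SYM.size
        for off in range(sh_offset, sh_offset + sh_size, entsize):
            st_name, st_info, _, _, st_value, st_size = SYM.unpack_from(elf, off)
            symbols.append(Symbol(_cstr(strings, st_name), st_info & 0xF, st_value, st_size))
    return symbols


def ifunc_symbols(elf: bytes) -> List[str]:
    """Names of all IFUNC (resolver-backed) symbols, sorted for stable diffs."""
    return sorted(s.name for s in parse_symbols(elf) if s.sym_type == STT_GNU_IFUNC)


def unexpected_ifuncs(elf: bytes, baseline: Set[str]) -> List[str]:
    """IFUNC symbols present in this binary but absent from a known-good baseline (assumed input)."""
    return [name for name in ifunc_symbols(elf) if name not in baseline]


def _strtab(names: List[str]) -> Tuple[bytes, Dict[str, int]]:
    blob, offsets = b"\0", {}
    for n in names:
        offsets[n] = len(blob)
        blob += n.encode() + b"\0"
    return blob, offsets


def build_sample_elf() -> bytes:
    """Constructed minimal ELF64 shared object: two IFUNC symbols and one plain function (placeholder names)."""
    dynstr, str_off = _strtab(["lzma_crc64", "lzma_crc32", "plain_fn"])
    shstr, sh_off = _strtab([".dynsym", ".dynstr", ".shstrtab"])
    stb_global = 1

    def sym(name: str, st_type: int, value: int) -> bytes:
        return SYM.pack(str_off[name], (stb_global << 4) | st_type, 0, 1, value, 0x40)

    dynsym = (SYM.pack(0, 0, 0, 0, 0, 0)               # mandatory null symbol
              + sym("lzma_crc64", STT_GNU_IFUNC, 0x1000)
              + sym("lzma_crc32", STT_GNU_IFUNC, 0x1100)
              + sym("plain_fn", STT_FUNC, 0x1200))
    dynstr_off = EHDR.size
    dynsym_off = dynstr_off + len(dynstr)
    shstr_off = dynsym_off + len(dynsym)
    shoff = shstr_off + len(shstr)
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0]) + b"\0" * 8
    ehdr = EHDR.pack(ident, 3, 62, 1, 0, 0, shoff, 0, EHDR.size, 0, 0, SHDR.size, 4, 3)
    shdrs = (SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
             + SHDR.pack(sh_off[".dynsym"], SHT_DYNSYM, 2, 0, dynsym_off, len(dynsym), 2, 1, 8, SYM.size)
             + SHDR.pack(sh_off[".dynstr"], SHT_STRTAB, 2, 0, dynstr_off, len(dynstr), 0, 0, 1, 0)
             + SHDR.pack(sh_off[".shstrtab"], SHT_STRTAB, 0, 0, shstr_off, len(shstr), 0, 0, 1, 0))
    return ehdr + dynstr + dynsym + shstr + shdrs


if __name__ == "__main__":
    # Usage: python ifunc_inventory.py [path/to/liblzma.so]; with no argument, the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf()
    known_good = {"lzma_crc64"}           # assumed baseline from a trusted build
    print("IFUNC symbols:", ifunc_symbols(data))
    print("not in baseline:", unexpected_ifuncs(data, known_good))
```

Run against a real shared object, the inventory is a cheap first triage step: a library that suddenly exports resolver-backed symbols its known-good build did not is worth a closer look with a tool that actually analyzes the resolver code, such as the scanner described above.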
The online scanner is accessible at xz.fail for unlimited free scans, with a free API made available for bulk scanning purposes. This tool provides an effective means for users to ensure the integrity of their Linux executables and safeguard against potential security breaches stemming from the XZ Utils supply chain attack.