Publicly accessible EC2 instance contains critical vulnerability CVE-2024-3094 (RCE in liblzma and xz versions 5.6.0 and 5.6.1)


Description

A publicly accessible host is affected by CVE-2024-3094. The vulnerability is present in liblzma and xz versions 5.6.0 and 5.6.1; these library versions contain code that enables remote code execution.

Not all distributions are affected; for more information, see the security center post.

Remediation

  1. Evaluate whether your instance needs to be publicly accessible, and remove it from the public internet if possible.
  2. To manually determine whether a system is running an affected version, run the following shell command: `xz --version`
  3. Downgrade the XZ Utils library to an uncompromised version such as 5.4.6. In addition, if you are using an affected distribution, hunt for any malicious activity involving the impacted instance.
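The version check in step 2 can be scripted so it can be run across a fleet and its result acted on. The script below is an added example, not part of the original advisory or any vendor tooling: it parses the output of `xz --version` (which reports both the `xz` binary version and the `liblzma` version, one per line), flags the two versions named in the advisory, and exits non-zero when either matches. The function `classify_xz_output` takes the command output as a string so it can also be tested offline against constructed input.

```shell
#!/bin/sh
# Added example (not from the advisory): triage a host for CVE-2024-3094
# by matching the xz / liblzma version strings against 5.6.0 and 5.6.1.

# Return 0 (true) if the given version string is one of the affected releases.
is_affected_xz_version() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Print every X.Y.Z version token found in the given text, one per line.
# `xz --version` prints e.g. "xz (XZ Utils) 5.6.1" and "liblzma 5.6.1".
extract_versions() {
    printf '%s\n' "$1" | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*'
}

# Classify captured `xz --version` output.
# Prints "affected <version>" and returns 2 if the binary or the library
# reports an affected version; prints "ok" and returns 0 otherwise.
classify_xz_output() {
    for v in $(extract_versions "$1"); do
        if is_affected_xz_version "$v"; then
            echo "affected $v"
            return 2
        fi
    done
    echo "ok"
    return 0
}

# Run the check against the xz installed on this host.
# Exit status: 0 = not affected (or xz absent), 2 = affected version found.
check_installed_xz() {
    if ! command -v xz >/dev/null 2>&1; then
        echo "xz not installed on this host"
        return 0
    fi
    out=$(xz --version 2>/dev/null)
    verdict=$(classify_xz_output "$out")
    case "$verdict" in
        affected*)
            echo "CVE-2024-3094: $verdict; downgrade to 5.4.6 and review this host for malicious activity"
            return 2 ;;
        *)
            echo "CVE-2024-3094: $verdict (xz/liblzma not 5.6.0 or 5.6.1)"
            return 0 ;;
    esac
}

# When executed directly, check the local host.
check_installed_xz
```

A version-string match is a first triage step, not a final verdict: as the advisory notes, not all distributions are affected, and a package reporting 5.6.x may have been rebuilt by the distribution with the problematic code removed. Confirm against the distribution's own advisory before closing a finding, and treat a positive match on a public host as a reason to investigate, not only to downgrade.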