Publicly accessible EC2 instance contains critical vulnerability CVE-2024-3094 (RCE in liblzma and xz versions 5.6.0 and 5.6.1)


Description

A publicly accessible host is affected by CVE-2024-3094. The vulnerability exists in liblzma and xz versions 5.6.0 and 5.6.1. These compromised library versions contain code that enables remote code execution.

Not all distributions are affected; for more information, see the security center post.

Remediation

  1. Evaluate whether your instance needs to be publicly accessible, and remove it from the public internet if possible.
  2. To manually determine whether your systems are running an affected version, run the following shell command: $ xz --version
  3. It is recommended to downgrade the XZ Utils library to an uncompromised version such as 5.4.6. In addition, if you are using an affected distribution, hunt for any malicious activity involving the impacted instance.
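The version check in step 2, as an added example that is not part of this advisory: a small POSIX shell helper that parses the two lines printed by xz --version (the xz tool and the liblzma library can report different versions) and flags the affected releases 5.6.0 and 5.6.1. The sample output strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the original advisory): decide from `xz --version`
# output whether a host runs one of the two compromised XZ Utils releases.

# Return 0 if the given version string is an affected release, 1 otherwise.
xz_version_is_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Read `xz --version` style output on stdin, e.g.
#   xz (XZ Utils) 5.6.1
#   liblzma 5.6.1
# Every line carrying an x.y.z version is checked, so a mismatched tool and
# library are both reported. Prints "affected <ver>" or "ok <ver>" per line and
# returns 0 if any line is an affected release, 1 otherwise.
check_xz_version_output() {
    _found=1
    while IFS= read -r line; do
        ver=$(printf '%s\n' "$line" |
              sed -n 's/.*[[:space:]]\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
        [ -n "$ver" ] || continue
        if xz_version_is_affected "$ver"; then
            printf 'affected %s\n' "$ver"
            _found=0
        else
            printf 'ok %s\n' "$ver"
        fi
    done
    return $_found
}

# Constructed samples; on a real host run:  xz --version 2>/dev/null | check_xz_version_output
SAMPLE_AFFECTED='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_CLEAN='xz (XZ Utils) 5.4.6
liblzma 5.4.6'
```

A non-zero exit from the pipeline means no affected version was seen; a zero exit means at least one line matched and the host should be treated as impacted under step 3.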