• xz backdoor prevention and hosts.deny?

    From Nick Sal@21:1/5 to All on Sun Mar 31 23:50:01 2024

    Hi,

    With respect to debian testing, assume we filter SSH access only to a subnet using the files host.{deny,allow} (see below).
    Would this prevent the attack if a malicious payload was not sent from the allowed subnet?
    Asking to know if an attack was possible like this, for the few days in March the backdoor was undetected on debian testing.

    /etc/hosts.deny: sshd: ALL
    /etc/hosts.allow: sshd: "a_subnet"

    Moreover, would it have helped if additionally allowing only public-key authentication for SSH?

    Regards,
    Nick


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Gian Piero Carrubba@21:1/5 to All on Mon Apr 1 11:50:01 2024
    * [Sun, Mar 31, 2024 at 09:28:46PM +0000] Nick Sal:
    > With respect to debian testing, assume we filter SSH access only to a
    > subnet using the files host.{deny,allow} (see below).
    > Would this prevent the attack if a malicious payload was not sent from
    > the allowed subnet?

    I've not seen any reference to this. One could argue that tcpwrappers'
    check should happen in an early stage, so it could have helped. But
    that's just speculation and I would consider the system vulnerable
    unless someone knowledgeable (I'm not) says otherwise.

    > Moreover, would it have helped if additionally allowing only public-key
    > authentication for SSH?

    All sources I've read agree that this was not sufficient (actually, the malicious code resided in the function verifying the key signatures).

    Best,
    Gian Piero.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
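    Added example, not code from the thread or from Debian: a small POSIX shell check that looks at both questions from the defender's side, reading ldd output to see whether a given sshd loads liblzma (the library the backdoor shipped in, which is why pubkey-only authentication did not help) and libwrap (the library through which sshd consults hosts.{allow,deny} at all). The ldd sample below is constructed, and the glibc-style ldd line format is assumed.

```sh
#!/bin/sh
# Added example, not code from the thread. Decides from ldd output whether an
# sshd binary (a) loads liblzma, the library the xz backdoor shipped in, and
# (b) loads libwrap, without which sshd never reads /etc/hosts.{allow,deny}.
# Assumes glibc-style ldd output ("<ws>libfoo.so.N => /path (0x...)").

# links_lib LDD_OUTPUT LIBNAME: exit 0 if LIBNAME.so* appears as a dependency.
links_lib() {
    printf '%s\n' "$1" | grep -q "^[[:space:]]*$2\.so"
}

# assess LDD_OUTPUT: prints one verdict per question raised in the thread.
assess() {
    if links_lib "$1" liblzma; then
        echo "liblzma: loaded - sshd reaches the backdoored library; pubkey-only auth does not help"
    else
        echo "liblzma: not loaded - this sshd does not pull in liblzma"
    fi
    if links_lib "$1" libwrap; then
        echo "libwrap: loaded - hosts.allow/hosts.deny are consulted (whether early enough is the open question)"
    else
        echo "libwrap: not loaded - hosts.allow/hosts.deny are ignored by sshd entirely"
    fi
}

# Constructed sample (not real output) of an sshd that links both libraries,
# liblzma arriving transitively through libsystemd; addresses are placeholders.
SAMPLE_LDD='        linux-vdso.so.1 (0x0000000000000000)
        libwrap.so.0 => /lib/x86_64-linux-gnu/libwrap.so.0 (0x0000000000000000)
        libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x0000000000000000)
        liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x0000000000000000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x0000000000000000)'

# With no argument, assess the constructed sample so the script runs offline;
# with a path (e.g. /usr/sbin/sshd), assess the live binary. ldd runs the
# binary's dynamic loader, so only point it at trusted system binaries.
if [ -n "$1" ]; then
    assess "$(ldd "$1")"
else
    assess "$SAMPLE_LDD"
fi
```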