{"id":76613,"date":"2024-04-06T23:28:07","date_gmt":"2024-04-06T15:28:07","guid":{"rendered":"https:\/\/version-2.com\/?p=76613"},"modified":"2024-04-02T23:29:45","modified_gmt":"2024-04-02T15:29:45","slug":"how-to-find-systems-impacted-by-cve-2024-3094-xz-utils-backdoor-with-runzero","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2024\/04\/how-to-find-systems-impacted-by-cve-2024-3094-xz-utils-backdoor-with-runzero\/","title":{"rendered":"How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor) with runZero"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"76613\" class=\"elementor elementor-76613\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4da8c5f9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4da8c5f9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;decf9c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-133ba185\" data-id=\"133ba185\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fc2da8d post-content elementor-widget elementor-widget-text-editor\" data-id=\"fc2da8d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"md:pl-10 prose prose--blog\"><h2 id=\"latest-cve-2024-3094-coverage\">Latest CVE-2024-3094 (XZ Utils backdoor) coverage\u00a0<\/h2><p><a href=\"https:\/\/mastodon.social\/@AndresFreundTec\" target=\"_blank\" rel=\"noopener\">Andres Freund <\/a>discovered a <a href=\"https:\/\/www.openwall.com\/lists\/oss-security\/2024\/03\/29\/4\" target=\"_blank\" rel=\"noopener\">malicious backdoor<\/a> in a recent revision of the XZ Utils package. This backdoor was introduced by a threat actor who spent years <a href=\"https:\/\/boehs.org\/node\/everything-i-know-about-the-xz-backdoor\" target=\"_blank\" rel=\"noopener\">building trust<\/a> in the open source community before taking over maintenance of the XZ Utils project. After gaining access as a maintainer, the threat actor introduced the malicious code in multiple obfuscated steps. This backdoor could allow the threat actor to run arbitrary commands without authentication through the OpenSSH daemon.<\/p><p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-3094\" target=\"_blank\" rel=\"noopener\">CVE-2024-3094<\/a> is rated <em>critical<\/em> with CVSS score of <strong>10.0<\/strong>.<\/p><p>An overview of this issue can be found at <a href=\"https:\/\/arstechnica.com\/security\/2024\/04\/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world\/\" target=\"_blank\" rel=\"noopener\">ArsTechnica<\/a>.<\/p><p>Russ Cox published a <a href=\"https:\/\/research.swtch.com\/xz-timeline\">detailed timeline<\/a>.<\/p><h2 id=\"what-is-the-impact\">What is the impact?<\/h2><p>Successful exploitation of this backdoor would allow the actor responsible to run arbitrary system commands without authentication.<\/p><p><a href=\"https:\/\/amlw.dev\/\">Anthony Weems<\/a> built a <a href=\"https:\/\/github.com\/amlweems\/xzbot\">fantastic proof-of-concept and demo kit<\/a> for reproducing the backdoor.<\/p><h2 id=\"are-updates-or-workarounds-available\">Are updates or workarounds available?<\/h2><p>This backdoor was enabled when a build was run on an x86_64 (amd64) system that was building a Debian &#8220;DEB&#8221; or Red Hat &#8220;RPM&#8221; package. The issue was caught prior to widespread release and the list of affected distributions is small as a result.<\/p><p>The following distributions shipped a combination of packages that resulted in a backdoored SSH daemon:<\/p><ul><li><a href=\"https:\/\/www.redhat.com\/en\/blog\/urgent-security-alert-fedora-41-and-rawhide-users\" target=\"_blank\" rel=\"noopener\">Red Hat Fedora Linux (Rawhide) <\/a><\/li><li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2024-3094\" target=\"_blank\" rel=\"noopener\">Debian Linux (unstable and testing builds)<\/a><\/li><li><a href=\"https:\/\/www.kali.org\/blog\/about-the-xz-backdoor\/\" target=\"_blank\" rel=\"noopener\">Kali Linux (rolling release)<\/a><\/li><li><a href=\"https:\/\/archlinux.org\/news\/the-xz-package-has-been-backdoored\/\">OpenSUSE Linux (Tumbleweed &amp; MicroOS)<\/a><\/li><\/ul><p>Additional information about this issue can be found across the web and in various distribution-specific trackers:<a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2024-3094\" target=\"_blank\" rel=\"noopener\"><br \/><\/a><\/p><ul><li><a href=\"https:\/\/aws.amazon.com\/security\/security-bulletins\/AWS-2024-002\/\" target=\"_blank\" rel=\"noopener\">Amazon Linux<\/a><\/li><li><a href=\"https:\/\/ubuntu.com\/security\/CVE-2024-3094\" target=\"_blank\" rel=\"noopener\">Ubuntu Linux<\/a><\/li><li><a href=\"https:\/\/bugs.gentoo.org\/show_bug.cgi?id=CVE-2024-3094\" target=\"_blank\" rel=\"noopener\">Gentoo Linux<\/a><\/li><li><a href=\"https:\/\/github.com\/advisories\/GHSA-rxwq-x6h5-x525\" target=\"_blank\" rel=\"noopener\">Arch Linux<\/a><\/li><li><a href=\"https:\/\/twitter.com\/alpinelinux\/status\/1773781993844519408\">Alpine Linux<\/a><\/li><li><a href=\"https:\/\/twitter.com\/alpinelinux\/status\/1773781993844519408\">GitHub Advisory<\/a><\/li><\/ul><h2 id=\"how-to-find-potentially-affected-systems-with-runZero\">How to find potentially affected systems with runZero<\/h2><p>The runZero team is investigating whether a direct check against SSH is possible.<\/p><p>In the meantime, we suggest using this runZero <a href=\"https:\/\/console.runzero.com\/inventory\/services?search=_asset.protocol%3Assh%20protocol%3Assh%20%28banner%3A%3D%22SSH-2.0-OpenSSH%EF%BB%BF_9.6%22%20OR%20banner%3A%3D%22SSH-2.0-OpenSSH%EF%BB%BF_9.6p1%25Debian%25%22%20OR%20banner%3A%3D%22SSH-2.0-OpenSSH%EF%BB%BF_9.7p1%25Debian%25%22%29\" target=\"_blank\" rel=\"noopener\">Service Inventory query<\/a>:<\/p><pre><code>_asset.protocol:ssh protocol:ssh (banner:=\"SSH-2.0-OpenSSH_9.6\" OR banner:=\"SSH-2.0-OpenSSH_9.6p1%Debian%\" OR banner:=\"SSH-2.0-OpenSSH_9.7p1%Debian%\")<\/code><\/pre><p>This query is based on the following logic:<\/p><p>1. Identify any instances of <strong>Fedora Rawhide<\/strong> or <strong>OpenSUSE Tumbleweed &amp; MicroOS<\/strong> in your environment. The easiest way to find potentially affected installations is to look for OpenSSH servers running version <strong>9.6<\/strong>, which is a recent release specific to those rolling distributions.<\/p><p>2. Identify any instances of <strong>Debian<\/strong> or <strong>Kali<\/strong> rolling builds. The easiest way to do this is by looking for recently-released <strong>(9.6 &amp;\u00a09.7<\/strong>) Debian-flavored OpenSSH services, as these packages were shipped in the Debian unstable and Kali Linux rolling releases.<\/p><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8085a61 post-content elementor-widget elementor-widget-shortcode\" data-id=\"8085a61\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"55060\" class=\"elementor elementor-55060\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6b25dc0d elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"6b25dc0d\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3cc1b37d\" data-id=\"3cc1b37d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-52c4a230 elementor-widget elementor-widget-text-editor\" data-id=\"52c4a230\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>About runZero<\/strong><br \/>runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network\u2013without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Latest CVE-2024-3094 (XZ Utils backdoor) coverage\u00a0 Andr [&hellip;]<\/p>\n","protected":false},"author":149011790,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[976,1273,61],"tags":[977,1272],"class_list":["post-76613","post","type-post","status-publish","format-standard","hentry","category-runzero","category-1273","category-press-release","tag-runzero","tag-1272"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor) with runZero - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.runzero.com\/blog\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\/\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor) with runZero - Version 2\" \/>\n<meta property=\"og:description\" content=\"Latest CVE-2024-3094 (XZ Utils backdoor) coverage\u00a0 Andr [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.runzero.com\/blog\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\/\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-06T15:28:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/blog-v2-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"250\" \/>\n\t<meta property=\"og:image:height\" content=\"70\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"tracylamv2\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"tracylamv2\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.runzero.com\\\/blog\\\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2024\\\/04\\\/how-to-find-systems-impacted-by-cve-2024-3094-xz-utils-backdoor-with-runzero\\\/\"},\"author\":{\"name\":\"tracylamv2\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\"},\"headline\":\"How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor) with runZero\",\"datePublished\":\"2024-04-06T15:28:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2024\\\/04\\\/how-to-find-systems-impacted-by-cve-2024-3094-xz-utils-backdoor-with-runzero\\\/\"},\"wordCount\":389,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"keywords\":[\"runZero\",\"2024\"],\"articleSection\":[\"runZero\",\"2024\",\"Press Release\"],\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.runzero.com\\\/blog\\\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2024\\\/04\\\/how-to-find-systems-impacted-by-cve-2024-3094-xz-utils-backdoor-with-runzero\\\/\",\"url\":\"https:\\\/\\\/www.runzero.com\\\/blog\\\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\\\/\",\"name\":\"How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor) with runZero - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"datePublished\":\"2024-04-06T15:28:07+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.runzero.com\\\/blog\\\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\\\/#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.runzero.com\\\/blog\\\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.runzero.com\\\/blog\\\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor) with runZero\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\",\"name\":\"tracylamv2\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"caption\":\"tracylamv2\"},\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/tracylamv2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor) with runZero - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.runzero.com\/blog\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\/","og_locale":"zh_HK","og_type":"article","og_title":"How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor) with runZero - Version 2","og_description":"Latest CVE-2024-3094 (XZ Utils backdoor) coverage\u00a0 Andr [&hellip;]","og_url":"https:\/\/www.runzero.com\/blog\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\/","og_site_name":"Version 2","article_published_time":"2024-04-06T15:28:07+00:00","og_image":[{"width":250,"height":70,"url":"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/blog-v2-logo.jpg","type":"image\/jpeg"}],"author":"tracylamv2","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"tracylamv2","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"3 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.runzero.com\/blog\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\/#article","isPartOf":{"@id":"https:\/\/version-2.com\/2024\/04\/how-to-find-systems-impacted-by-cve-2024-3094-xz-utils-backdoor-with-runzero\/"},"author":{"name":"tracylamv2","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365"},"headline":"How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor) with runZero","datePublished":"2024-04-06T15:28:07+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2024\/04\/how-to-find-systems-impacted-by-cve-2024-3094-xz-utils-backdoor-with-runzero\/"},"wordCount":389,"commentCount":0,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"keywords":["runZero","2024"],"articleSection":["runZero","2024","Press Release"],"inLanguage":"zh-HK","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.runzero.com\/blog\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2024\/04\/how-to-find-systems-impacted-by-cve-2024-3094-xz-utils-backdoor-with-runzero\/","url":"https:\/\/www.runzero.com\/blog\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\/","name":"How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor) with runZero - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"datePublished":"2024-04-06T15:28:07+00:00","breadcrumb":{"@id":"https:\/\/www.runzero.com\/blog\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\/#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.runzero.com\/blog\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.runzero.com\/blog\/how-to-find-systems-impacted-by-cve-2024-3094-libxz-utils-with-runzero\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/zh\/"},{"@type":"ListItem","position":2,"name":"How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor) with runZero"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365","name":"tracylamv2","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","caption":"tracylamv2"},"url":"https:\/\/version-2.com\/zh\/author\/tracylamv2\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-jVH","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/76613","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/149011790"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=76613"}],"version-history":[{"count":7,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/76613\/revisions"}],"predecessor-version":[{"id":76620,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/76613\/revisions\/76620"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=76613"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=76613"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=76613"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}