drwho, 1 month ago Somebody wrote a PoC for it: github.com/amlweems/xzbot#backdoor-demo Basically, if you have a patched SSH client with the right ED448 key you can have the gigged sshd on the other side run whatever commands you want. The demo just does id > /tmp/.xz but it could be whatever command you want.
Somebody wrote a PoC for it: github.com/amlweems/xzbot#backdoor-demo
Basically, if you have a patched SSH client with the right ED448 key you can have the gigged sshd on the other side run whatever commands you want. The demo just does id > /tmp/.xz but it could be whatever command you want.
id > /tmp/.xz