XZ Utils 5.6.0 / 5.6.1 SSH 後門程式 (CVE-2024-3094)

critical Nessus Plugin ID 192708

語言:

版本 1.117 Nov 3, 2025, 9:25 PM Logic Changes (Corrects handling base64 encoded HTTP cookies) Plugin Feed: 202511032125
版本 1.116 Oct 27, 2025, 3:15 PM Logic Changes (Gate HTTP debugging behind hidden preference) Plugin Feed: 202510271515
版本 1.115 Oct 23, 2025, 3:11 AM Logic Changes (Fix HTTP/1 library to make sure it closes unused Keep-Alive connections) Plugin Feed: 202510230311
版本 1.113 Oct 21, 2025, 3:09 AM Logic Changes (Implement workaround in SSH library to prevent triggering an engine bug.) Plugin Feed: 202510210309
版本 1.112 Oct 16, 2025, 4:39 PM Logic Changes (Implement workaround in HTTP library to prevent triggering an engine bug.) Plugin Feed: 202510161639
版本 1.110 Oct 10, 2025, 2:37 AM Detection (Updated 'PatchLog' extraction. update to support Docker/containerd storage directory inclusions/exclusions) Plugin Feed: 202510100237
版本 1.109 Oct 8, 2025, 9:19 AM Logic Changes (Allow forking plugins to report all installs for structured vuln data.) Plugin Feed: 202510080919
版本 1.108 Oct 1, 2025, 9:12 PM Logic Changes (Adding support for user-supplied header added to all HTTP requests.) Plugin Feed: 202510012112
版本 1.107 Sep 30, 2025, 12:41 AM Logic Changes (Various corrections and fixes for CPE related Flatline Test Failures) Plugin Feed: 202509300041
版本 1.105 Sep 11, 2025, 2:55 PM Logic Changes (Handle file associations for Snap packages in shared library. Currently active for OpenSSL, Curl and libcurl) Plugin Feed: 202509111455
版本 1.103 Aug 27, 2025, 5:32 PM Logic Changes (Consider findings located in /snap directory as managed by the OS.) Plugin Feed: 202508271732
版本 1.102 Aug 26, 2025, 7:20 AM Logic Changes Plugin Feed: 202508260720
版本 1.101 Jul 28, 2025, 4:47 PM Logic Changes (RSA SSH certificates can use SHA2 signatures when needed) Plugin Feed: 202507281647
版本 1.99 Jul 10, 2025, 5:41 PM Logic Changes (Windows CA support) Plugin Feed: 202507101741
版本 1.98 Jun 27, 2025, 8:01 PM Logic Changes Plugin Feed: 202506272001
版本 1.97 Jun 23, 2025, 9:47 PM Logic Changes Plugin Feed: 202506232147
版本 1.96 Jun 16, 2025, 4:11 PM Logic Changes (Validate X509 certificates against CA's CRL in preference to OCSP.) Plugin Feed: 202506161611
版本 1.95 May 28, 2025, 6:51 PM Detection (Experimental Mode for Apache Log4j detection. Only sets find exclude path, no longer registers the install. detect containerd installed from binaries unmanaged) Plugin Feed: 202505281851
版本 1.94 May 28, 2025, 9:47 AM Logic Changes (Streamline SSH compatibility code) Plugin Feed: 202505280947
版本 1.93 Apr 30, 2025, 5:21 PM Logic Changes (Exclude container storage directories from find searches.) Plugin Feed: 202504301721
版本 1.92 Apr 28, 2025, 4:40 PM Logic Changes (Handling absence of SSH privilege escalation uniformly across products) New Plugin Feed: 202504281640
版本 1.90 Apr 1, 2025, 12:23 AM Logic Changes (Handle Cisco devices that echo command and prompt before command results.) Plugin Feed: 202504010023
版本 1.88 Mar 20, 2025, 7:47 AM Detection (Handle DISA /etc/profile.d/ssh_confirm.sh consent prompt.) Plugin Feed: 202503200747
版本 1.86 Mar 6, 2025, 7:23 AM Detection (Handle long MOTD with pagination on Nokia devices.) Plugin Feed: 202503060723
版本 1.85 Mar 3, 2025, 5:54 PM Logic Changes (improve detection for some devices) Plugin Feed: 202503031754
版本 1.83 Feb 28, 2025, 9:08 PM New Plugin Feed: 202502282108
版本 1.82 Feb 12, 2025, 3:29 PM Logic Changes Plugin Feed: 202502121529
版本 1.81 Feb 12, 2025, 1:58 AM Logic Changes Plugin Feed: 202502120158
版本 1.80 Feb 10, 2025, 4:00 PM Logic Changes Plugin Feed: 202502101600
版本 1.78 Jan 22, 2025, 5:44 PM New Plugin Feed: 202501221744
版本 1.77 Jan 21, 2025, 6:17 PM Detection (Add SSH local checks support for Union Tech UOS) Logic Changes (Tighten recognition of need to escalate.) Plugin Feed: 202501211817
版本 1.73 Jan 13, 2025, 10:27 PM New Plugin Feed: 202501132227
版本 1.72 Jan 13, 2025, 7:38 PM Logic Changes (Add display fix to structured reporting.) Plugin Feed: 202501131938
版本 1.68 Dec 30, 2024, 4:30 PM Logic Changes (Catch errors when rehoming find commands under sudo escalation. Ensure escalation user home with tilde.) Plugin Feed: 202412301630
版本 1.67 Dec 24, 2024, 11:44 AM New Plugin Feed: 202412241144
版本 1.66 Dec 18, 2024, 9:32 PM Detection (Set a prompt of our own in 'nix shells to handle misconfigured scan user prompts) Plugin Feed: 202412182132
版本 1.65 Dec 18, 2024, 7:05 AM Detection (Fixed SSH authentication using the "none" method) Plugin Feed: 202412180705
版本 1.64 Dec 16, 2024, 8:47 PM Logic Changes (Handle Alibaba Linux rpm lists the same as other RPM based distros) Plugin Feed: 202412162047
版本 1.63 Dec 6, 2024, 8:13 PM Detection (Better debugging related to local checks evaluations) Plugin Feed: 202412062013
版本 1.62 Dec 3, 2024, 3:59 PM Detection (Support Azure Linux for generated package plugins.) Plugin Feed: 202412031559
版本 1.61 Nov 22, 2024, 6:54 PM Logic Changes (Fixed installation reporting) Plugin Feed: 202411221854
版本 1.60 Nov 12, 2024, 8:29 PM Logic Changes (Adding installs report) Plugin Feed: 202411122029
版本 1.58 Nov 7, 2024, 8:25 PM Logic Changes Plugin Feed: 202411072025
版本 1.57 Nov 6, 2024, 2:41 PM Detection (adding support for Forescout CounterACT) Plugin Feed: 202411061441
版本 1.56 Oct 30, 2024, 4:21 PM Detection (Process file exclusion wildcards in a consistent way across find, locate, etc.) Plugin Feed: 202410301621
版本 1.55 Oct 29, 2024, 8:44 PM Logic Changes (Extend structured reporting to vcf_extras) Plugin Feed: 202410292044
版本 1.53 Oct 23, 2024, 3:47 PM Plugin metadata (update thorough_tests attribute) Plugin Feed: 202410231547
版本 1.49 Oct 10, 2024, 11:57 PM New Plugin Feed: 202410102357
版本 1.48 Oct 10, 2024, 4:58 AM Detection (Change dir to $HOME before find commands to handle weird find behavior with escalation.) Plugin Feed: 202410100458
版本 1.47 Oct 9, 2024, 5:56 PM Logic Changes (Corrects vulnerability-finding structured data tags to include the port.) Plugin Feed: 202410091756
版本 1.43 Oct 3, 2024, 6:29 PM Detection (Adding hardware constraint support to VCF and UCF) Plugin Feed: 202410031829
版本 1.42 Oct 2, 2024, 4:10 PM Logic Changes (Adds structured data reports to a subset of manual plugins.) Plugin Feed: 202410021610
版本 1.41 Sep 26, 2024, 4:34 PM Detection (adding package association overrides) Plugin Feed: 202409261634
版本 1.40 Sep 25, 2024, 3:12 PM Detection (Adding support for user-supplied timeout value for the find command.) Plugin Feed: 202409251512
版本 1.37 Sep 11, 2024, 5:35 PM New (Detects QUIC servers running on the target. Implement a NASL QUIC library to support detection of HTTP/3 and possibly more) Plugin Feed: 202409111735
版本 1.36 Sep 10, 2024, 4:59 PM New Plugin Feed: 202409101659
版本 1.35 Sep 3, 2024, 11:47 PM Logic Changes (additional data collection for runtime scanning. fixed logic bug causing potential false negatives. fixed logic bug causing potential false positives. fixed logic bug with potential to break cyberark logins) Plugin Feed: 202409032347
版本 1.33 Sep 3, 2024, 5:26 PM Detection (Support for Aruba CPPM SSH based local checks) Plugin Feed: 202409031726
版本 1.32 Aug 14, 2024, 8:33 PM Logic Changes (Endianness fix in Kerberos authentication for SCAP scanning) Plugin Feed: 202408142033
版本 1.31 Aug 14, 2024, 2:40 AM New Plugin requirements (Trusted) Plugin Feed: 202408140240
版本 1.29 Aug 8, 2024, 4:43 PM Logic Changes (Support OpenSSH private key formats for authentication.) Plugin Feed: 202408081643
版本 1.25 Jul 24, 2024, 6:31 PM Logic Changes (Modernize SSH usage to optimize behavior on Nessus Agents.. adding AI family) Plugin Feed: 202407241831
版本 1.24 Jul 23, 2024, 9:24 PM New Plugin Feed: 202407232124
版本 1.22 Jul 17, 2024, 11:02 PM Logic Changes Plugin Feed: 202407172302
版本 1.21 Jul 6, 2024, 12:22 AM Detection (Changes to support Juniper Session Smart Router) Plugin Feed: 202407060022
版本 1.20 Jul 5, 2024, 9:04 PM Detection (Adding detection of Juniper SSR devices) Plugin Feed: 202407052104
版本 1.19 Jun 27, 2024, 9:09 PM New (Deploy nessus_utils binaries on the Nessus Agent) Plugin Feed: 202406272109
版本 1.16 Jun 21, 2024, 6:31 PM Detection (updated detection for SonicOS devices) Plugin Feed: 202406211831
版本 1.15 Jun 21, 2024, 2:16 PM Logic Changes Plugin Feed: 202406211416
版本 1.14 Jun 14, 2024, 7:07 PM Logic Changes (added additional check for command failures.) Plugin Feed: 202406141907
版本 1.12 Jun 7, 2024, 12:28 PM IAVM reference STIG Severity Plugin Feed: 202406071228
版本 1.10 May 20, 2024, 10:13 AM Logic Changes Plugin Feed: 202405201013
版本 1.9 May 9, 2024, 6:10 PM New Plugin Feed: 202405091810
版本 1.6 Apr 3, 2024, 1:48 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202404031348
版本 1.5 Apr 2, 2024, 10:16 PM Detection (added alternative commands for IOC detection) Plugin Feed: 202404022216
版本 1.3 Apr 1, 2024, 3:13 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" set to "Exploits are available") Plugin Feed: 202404011513
版本 1.2 Mar 31, 2024, 9:46 PM Detection (tightening of the check for return conditions from the hexdump command) Plugin Feed: 202403312146
版本 1.1 Mar 30, 2024, 4:20 PM New Plugin Feed: 202403301620
版本 1.0 Mar 30, 2024, 1:01 AM New Plugin Feed: 202403300101

* Changelogs are generally available for changes made after Nov 1, 2022