XZ Utils SSH バックドアへのサイバーエクスポージャーの可能性 (CVE-2024-3094)

critical Nessus プラグイン ID 192708

Language:

バージョン 1.116 Oct 27, 2025, 3:15 PM Logic Changes (Gate HTTP debugging behind hidden preference) Plugin Feed: 202510271515
バージョン 1.115 Oct 23, 2025, 3:11 AM Logic Changes (Fix HTTP/1 library to make sure it closes unused Keep-Alive connections) Plugin Feed: 202510230311
バージョン 1.113 Oct 21, 2025, 3:09 AM Logic Changes (Implement workaround in SSH library to prevent triggering an engine bug.) Plugin Feed: 202510210309
バージョン 1.112 Oct 16, 2025, 4:39 PM Logic Changes (Implement workaround in HTTP library to prevent triggering an engine bug.) Plugin Feed: 202510161639
バージョン 1.110 Oct 10, 2025, 2:37 AM Detection (Updated 'PatchLog' extraction. update to support Docker/containerd storage directory inclusions/exclusions) Plugin Feed: 202510100237
バージョン 1.109 Oct 8, 2025, 9:19 AM Logic Changes (Allow forking plugins to report all installs for structured vuln data.) Plugin Feed: 202510080919
バージョン 1.108 Oct 1, 2025, 9:12 PM Logic Changes (Adding support for user-supplied header added to all HTTP requests.) Plugin Feed: 202510012112
バージョン 1.107 Sep 30, 2025, 12:41 AM Logic Changes (Various corrections and fixes for CPE related Flatline Test Failures) Plugin Feed: 202509300041
バージョン 1.105 Sep 11, 2025, 2:55 PM Logic Changes (Handle file associations for Snap packages in shared library. Currently active for OpenSSL, Curl and libcurl) Plugin Feed: 202509111455
バージョン 1.103 Aug 27, 2025, 5:32 PM Logic Changes (Consider findings located in /snap directory as managed by the OS.) Plugin Feed: 202508271732
バージョン 1.102 Aug 26, 2025, 7:20 AM Logic Changes Plugin Feed: 202508260720
バージョン 1.101 Jul 28, 2025, 4:47 PM Logic Changes (RSA SSH certificates can use SHA2 signatures when needed) Plugin Feed: 202507281647
バージョン 1.99 Jul 10, 2025, 5:41 PM Logic Changes (Windows CA support) Plugin Feed: 202507101741
バージョン 1.98 Jun 27, 2025, 8:01 PM Logic Changes Plugin Feed: 202506272001
バージョン 1.97 Jun 23, 2025, 9:47 PM Logic Changes Plugin Feed: 202506232147
バージョン 1.96 Jun 16, 2025, 4:11 PM Logic Changes (Validate X509 certificates against CA's CRL in preference to OCSP.) Plugin Feed: 202506161611
バージョン 1.95 May 28, 2025, 6:51 PM Detection (Experimental Mode for Apache Log4j detection. Only sets find exclude path, no longer registers the install. detect containerd installed from binaries unmanaged) Plugin Feed: 202505281851
バージョン 1.94 May 28, 2025, 9:47 AM Logic Changes (Streamline SSH compatibility code) Plugin Feed: 202505280947
バージョン 1.93 Apr 30, 2025, 5:21 PM Logic Changes (Exclude container storage directories from find searches.) Plugin Feed: 202504301721
バージョン 1.92 Apr 28, 2025, 4:40 PM New Logic Changes (Handling absence of SSH privilege escalation uniformly across products) Plugin Feed: 202504281640
バージョン 1.90 Apr 1, 2025, 12:23 AM Logic Changes (Handle Cisco devices that echo command and prompt before command results.) Plugin Feed: 202504010023
バージョン 1.88 Mar 20, 2025, 7:47 AM Detection (Handle DISA /etc/profile.d/ssh_confirm.sh consent prompt.) Plugin Feed: 202503200747
バージョン 1.86 Mar 6, 2025, 7:23 AM Detection (Handle long MOTD with pagination on Nokia devices.) Plugin Feed: 202503060723
バージョン 1.85 Mar 3, 2025, 5:54 PM Logic Changes (improve detection for some devices) Plugin Feed: 202503031754
バージョン 1.83 Feb 28, 2025, 9:08 PM New Plugin Feed: 202502282108
バージョン 1.82 Feb 12, 2025, 3:29 PM Logic Changes Plugin Feed: 202502121529
バージョン 1.81 Feb 12, 2025, 1:58 AM Logic Changes Plugin Feed: 202502120158
バージョン 1.80 Feb 10, 2025, 4:00 PM Logic Changes Plugin Feed: 202502101600
バージョン 1.78 Jan 22, 2025, 5:44 PM New Plugin Feed: 202501221744
バージョン 1.77 Jan 21, 2025, 6:17 PM Detection (Add SSH local checks support for Union Tech UOS) Logic Changes (Tighten recognition of need to escalate.) Plugin Feed: 202501211817
バージョン 1.73 Jan 13, 2025, 10:27 PM New Plugin Feed: 202501132227
バージョン 1.72 Jan 13, 2025, 7:38 PM Logic Changes (Add display fix to structured reporting.) Plugin Feed: 202501131938
バージョン 1.68 Dec 30, 2024, 4:30 PM Logic Changes (Catch errors when rehoming find commands under sudo escalation. Ensure escalation user home with tilde.) Plugin Feed: 202412301630
バージョン 1.67 Dec 24, 2024, 11:44 AM New Plugin Feed: 202412241144
バージョン 1.66 Dec 18, 2024, 9:32 PM Detection (Set a prompt of our own in 'nix shells to handle misconfigured scan user prompts) Plugin Feed: 202412182132
バージョン 1.65 Dec 18, 2024, 7:05 AM Detection (Fixed SSH authentication using the "none" method) Plugin Feed: 202412180705
バージョン 1.64 Dec 16, 2024, 8:47 PM Logic Changes (Handle Alibaba Linux rpm lists the same as other RPM based distros) Plugin Feed: 202412162047
バージョン 1.63 Dec 6, 2024, 8:13 PM Detection (Better debugging related to local checks evaluations) Plugin Feed: 202412062013
バージョン 1.62 Dec 3, 2024, 3:59 PM Detection (Support Azure Linux for generated package plugins.) Plugin Feed: 202412031559
バージョン 1.61 Nov 22, 2024, 6:54 PM Logic Changes (Fixed installation reporting) Plugin Feed: 202411221854
バージョン 1.60 Nov 12, 2024, 8:29 PM Logic Changes (Adding installs report) Plugin Feed: 202411122029
バージョン 1.58 Nov 7, 2024, 8:25 PM Logic Changes Plugin Feed: 202411072025
バージョン 1.57 Nov 6, 2024, 2:41 PM Detection (adding support for Forescout CounterACT) Plugin Feed: 202411061441
バージョン 1.56 Oct 30, 2024, 4:21 PM Detection (Process file exclusion wildcards in a consistent way across find, locate, etc.) Plugin Feed: 202410301621
バージョン 1.55 Oct 29, 2024, 8:44 PM Logic Changes (Extend structured reporting to vcf_extras) Plugin Feed: 202410292044
バージョン 1.53 Oct 23, 2024, 3:47 PM Plugin metadata (update thorough_tests attribute) Plugin Feed: 202410231547
バージョン 1.49 Oct 10, 2024, 11:57 PM New Plugin Feed: 202410102357
バージョン 1.48 Oct 10, 2024, 4:58 AM Detection (Change dir to $HOME before find commands to handle weird find behavior with escalation.) Plugin Feed: 202410100458
バージョン 1.47 Oct 9, 2024, 5:56 PM Logic Changes (Corrects vulnerability-finding structured data tags to include the port.) Plugin Feed: 202410091756
バージョン 1.43 Oct 3, 2024, 6:29 PM Detection (Adding hardware constraint support to VCF and UCF) Plugin Feed: 202410031829
バージョン 1.42 Oct 2, 2024, 4:10 PM Logic Changes (Adds structured data reports to a subset of manual plugins.) Plugin Feed: 202410021610
バージョン 1.41 Sep 26, 2024, 4:34 PM Detection (adding package association overrides) Plugin Feed: 202409261634
バージョン 1.40 Sep 25, 2024, 3:12 PM Detection (Adding support for user-supplied timeout value for the find command.) Plugin Feed: 202409251512
バージョン 1.37 Sep 11, 2024, 5:35 PM New (Detects QUIC servers running on the target. Implement a NASL QUIC library to support detection of HTTP/3 and possibly more) Plugin Feed: 202409111735
バージョン 1.36 Sep 10, 2024, 4:59 PM New Plugin Feed: 202409101659
バージョン 1.35 Sep 3, 2024, 11:47 PM Logic Changes (additional data collection for runtime scanning. fixed logic bug causing potential false negatives. fixed logic bug causing potential false positives. fixed logic bug with potential to break cyberark logins) Plugin Feed: 202409032347
バージョン 1.33 Sep 3, 2024, 5:26 PM Detection (Support for Aruba CPPM SSH based local checks) Plugin Feed: 202409031726
バージョン 1.32 Aug 14, 2024, 8:33 PM Logic Changes (Endianness fix in Kerberos authentication for SCAP scanning) Plugin Feed: 202408142033
バージョン 1.31 Aug 14, 2024, 2:40 AM New Plugin requirements (Trusted) Plugin Feed: 202408140240
バージョン 1.29 Aug 8, 2024, 4:43 PM Logic Changes (Support OpenSSH private key formats for authentication.) Plugin Feed: 202408081643
バージョン 1.25 Jul 24, 2024, 6:31 PM Logic Changes (Modernize SSH usage to optimize behavior on Nessus Agents.. adding AI family) Plugin Feed: 202407241831
バージョン 1.24 Jul 23, 2024, 9:24 PM New Plugin Feed: 202407232124
バージョン 1.22 Jul 17, 2024, 11:02 PM Logic Changes Plugin Feed: 202407172302
バージョン 1.21 Jul 6, 2024, 12:22 AM Detection (Changes to support Juniper Session Smart Router) Plugin Feed: 202407060022
バージョン 1.20 Jul 5, 2024, 9:04 PM Detection (Adding detection of Juniper SSR devices) Plugin Feed: 202407052104
バージョン 1.19 Jun 27, 2024, 9:09 PM New (Deploy nessus_utils binaries on the Nessus Agent) Plugin Feed: 202406272109
バージョン 1.16 Jun 21, 2024, 6:31 PM Detection (updated detection for SonicOS devices) Plugin Feed: 202406211831
バージョン 1.15 Jun 21, 2024, 2:16 PM Logic Changes Plugin Feed: 202406211416
バージョン 1.14 Jun 14, 2024, 7:07 PM Logic Changes (added additional check for command failures.) Plugin Feed: 202406141907
バージョン 1.12 Jun 7, 2024, 12:28 PM IAVM reference STIG Severity Plugin Feed: 202406071228
バージョン 1.10 May 20, 2024, 10:13 AM Logic Changes Plugin Feed: 202405201013
バージョン 1.9 May 9, 2024, 6:10 PM New Plugin Feed: 202405091810
バージョン 1.6 Apr 3, 2024, 1:48 PM Exploit attributes ("Exploited by malware" set to "True") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Plugin Feed: 202404031348
バージョン 1.5 Apr 2, 2024, 10:16 PM Detection (added alternative commands for IOC detection) Plugin Feed: 202404022216
バージョン 1.3 Apr 1, 2024, 3:13 PM Exploit attributes ("Exploit available" set to "True". "Exploitability ease" set to "Exploits are available") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Plugin Feed: 202404011513
バージョン 1.2 Mar 31, 2024, 9:46 PM Detection (tightening of the check for return conditions from the hexdump command) Plugin Feed: 202403312146
バージョン 1.1 Mar 30, 2024, 4:20 PM New Plugin Feed: 202403301620
バージョン 1.0 Mar 30, 2024, 1:01 AM New Plugin Feed: 202403300101

* Changelogs are generally available for changes made after Nov 1, 2022