« previous next »
Pages: [1]   Go Down

Malware Report possibly affecting Salkstream users...

0 Members and 1 Guest are viewing this topic. Read 248 times.

Saturn94

  • Full Member
  • Posts: 1753
Malware Report possibly affecting Salkstream users...
« on: 30 Mar 2024, 10:21 pm »
An FYI for fellow Salkstream users....

I came across this today on the Roon Forum:

https://community.roonlabs.com/t/xz-utils-malware-reported-today/269378

It's also mentioned here on the AchLinux site:

https://archlinux.org/

I was able to determine the version on my Salkstream III (I updated the OS earlier this month) was affected, so I updated again.  I'm certainly not qualified to determine how serious an issue this is for Salkstream users, but it bothered me enough to seek a solution.

 
Logged

newzooreview

Re: Malware Report possibly affecting Salkstream users...
« Reply #1 on: 30 Mar 2024, 11:06 pm »
"The new exploit, identified as CVE-2024-3094, is a critical vulnerability found in the XZ Utils, specifically in versions 5.6.0 and 5.6.1 of the xz libraries. This vulnerability allows for a backdoor that enables unauthorized remote access to affected systems by bypassing sshd authentication, which could grant a threat actor comprehensive control over the entire system."

It seems unlikely that the Salkstream would be visible from outside the network and have SSH enabled. The Salkstream is designed to work on the LAN, and for most home networks, you would have to change the default firewall on the gateway to allow a device on the LAN to be seen from outside.

I could be wrong. The Salkstream might have SSH turned on by default and some home networks might not have good default firewall rules.
Logged

Saturn94

  • Full Member
  • Posts: 1753
Re: Malware Report possibly affecting Salkstream users...
« Reply #2 on: 31 Mar 2024, 12:34 am »
Quote from: newzooreview on 30 Mar 2024, 11:06 pm
"The new exploit, identified as CVE-2024-3094, is a critical vulnerability found in the XZ Utils, specifically in versions 5.6.0 and 5.6.1 of the xz libraries. This vulnerability allows for a backdoor that enables unauthorized remote access to affected systems by bypassing sshd authentication, which could grant a threat actor comprehensive control over the entire system."

It seems unlikely that the Salkstream would be visible from outside the network and have SSH enabled. The Salkstream is designed to work on the LAN, and for most home networks, you would have to change the default firewall on the gateway to allow a device on the LAN to be seen from outside.

I could be wrong. The Salkstream might have SSH turned on by default and some home networks might not have good default firewall rules.

Hopefully, you are correct and this is a non-issue for the Salkstream.  I really don’t know, but felt more comfortable updating to be safe.

Also, I don’t know if using Roon ARC makes the Salkstream more vulnerable.
Logged
Pages: [1]   Go Up
« previous next »