Random password for 'root' account

critical Nessus Plugin ID 40987

Synopsis

The remote system has an authentication bypass vulnerability.

Description

Nessus was able to login to the remote host as 'root' via SSH with a random password.

A remote attacker can exploit this to gain access to the affected host, possibly at an administrative level.

This may be due to a known issue with some versions of Ubuntu's libpam-runtime package when used in a non-default manner, although Nessus has not tried to verify the underlying cause.

Solution

If the remote host is running Ubuntu, upgrade to libpam-runtime 1.0.1-4ubuntu5.6 / 1.0.1-9ubuntu1.1 or later.

Otherwise, make sure the root account is secured with a strong password, and SSH is configured to require authentication.

See Also

https://bugs.launchpad.net/ubuntu/+source/pam/+bug/410171

https://usn.ubuntu.com/828-1/

Plugin Details

Severity: Critical

ID: 40987

File Name: account_root_randpw.nasl

Version: 1.17

Type: remote

Published: 9/15/2009

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/7/2009

Reference Information

CVE: CVE-2009-3232

BID: 36306

CWE: 287

Secunia: 36620