SSHD libkeyutils Backdoor

Nessus Plugin ID 64913 (severity: critical)

Synopsis

The remote host may be compromised.

Description

The remote host appears to contain a trojaned libkeyutils library. The trojaned library is linked into SSHD, steals credentials, and sends spam.

Solution

Verify whether or not the system has been compromised. If necessary, restore from known-good backups and investigate the network for further signs of compromise.

See Also

http://www.webhostingtalk.com/showthread.php?t=1235797

http://www.nessus.org/u?f62cb60d

http://www.nessus.org/u?b03816df

http://www.nessus.org/u?4958f5dd

http://www.webhostingtalk.com/showpost.php?p=8563741&postcount=284

Plugin Details

Severity: Critical

ID: 64913

File Name: sshd_libkeyutils_backdoor.nasl

Version: 1.6

Type: local

Family: General

Published: 2/27/2013

Updated: 11/27/2023

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled