Random password for 'root' account

Critical Nessus Plugin ID 40987

Synopsis

The remote system has an authentication bypass vulnerability.

Description

Nessus was able to log in to the remote host as 'root' over SSH using a randomly generated password, i.e. the host accepted a credential that cannot be valid.

A remote attacker who can reach the SSH service can exploit this to log in as 'root' without knowing any password, and thereby obtain full administrative control of the affected host.

This may be caused by a known issue in some versions of Ubuntu's libpam-runtime package when the PAM configuration it manages has been altered from the default, although Nessus has not attempted to verify the underlying cause.

Solution

If the remote host is running Ubuntu, upgrade to libpam-runtime 1.0.1-4ubuntu5.6 / 1.0.1-9ubuntu1.1 or later.

Otherwise, make sure the root account has a strong password and that the SSH service actually requires a valid credential: for example, set PermitEmptyPasswords to no (and PermitRootLogin to no or prohibit-password) in sshd_config, and confirm that the PAM 'auth' stack used by sshd still contains a module that verifies the password (such as pam_unix.so) rather than accepting every caller.
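Because the plugin reports only the symptom (a random password is accepted) and not the cause, a practitioner will want to inspect the PAM 'auth' stack that sshd actually uses. The script below is an added example written for this page; it is not code from the Nessus plugin or from Ubuntu's libpam-runtime. It parses /etc/pam.d-style files, resolves Debian-style '@include' lines from a caller-supplied mapping, and flags an auth stack that has no credential-checking module or that reaches pam_permit.so without a pam_deny.so fallback before it. The sample file contents are constructed to mirror the stock Debian/Ubuntu layout, and the module list and heuristics are assumptions for illustration, not a description of what the Ubuntu bug did.

```python
"""Audit a Linux-PAM 'auth' stack for configurations that accept any password.

Added example (not the Nessus plugin's or Ubuntu's code). Sample file contents
below are constructed to mirror the stock Debian/Ubuntu /etc/pam.d layout.
"""
import re
from typing import Dict, List, Optional

# Modules that actually verify the supplied credential. Assumption: an
# illustrative list; extend it for the backends your hosts use.
CREDENTIAL_MODULES = {"pam_unix.so", "pam_ldap.so", "pam_krb5.so",
                      "pam_sss.so", "pam_winbind.so"}

# type  control  module [args]; control may be the bracketed [value=action ...] form
_LINE_RE = re.compile(
    r"^(?P<type>\S+)\s+(?P<control>\[[^\]]*\]|\S+)\s+(?P<module>\S+)(?:\s+(?P<args>.*))?$"
)

# Constructed sample: healthy stack (pam_unix jumps over pam_deny to pam_permit)
GOOD_COMMON_AUTH = """\
# /etc/pam.d/common-auth - authentication settings common to all services
auth    [success=1 default=ignore]      pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth    requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already
auth    required                        pam_permit.so
"""

# Constructed sample: the credential module and the deny fallback are gone
BAD_COMMON_AUTH = """\
auth    required                        pam_permit.so
"""

# Constructed sample: a service file that delegates to common-auth
SSHD_PAM = """\
@include common-auth
account required                        pam_nologin.so
"""


def parse_pam_file(text: str) -> List[Dict[str, str]]:
    """Parse pam.d-style lines into dicts. Comments and blanks are skipped;
    Debian '@include NAME' lines are kept with type '@include'."""
    entries: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("@include"):
            parts = line.split(None, 1)
            name = parts[1].strip() if len(parts) > 1 else ""
            entries.append({"type": "@include", "control": "", "module": name, "args": ""})
            continue
        m = _LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable PAM line: {raw!r}")
        entries.append({k: (v or "") for k, v in m.groupdict().items()})
    return entries


def auth_entries(text: str, includes: Optional[Dict[str, str]] = None) -> List[Dict[str, str]]:
    """Flatten the auth stack, resolving @include from the name->contents map."""
    out: List[Dict[str, str]] = []
    for e in parse_pam_file(text):
        if e["type"] == "@include":
            if not includes or e["module"] not in includes:
                raise KeyError(f"@include {e['module']}: supply its contents in `includes`")
            out.extend(auth_entries(includes[e["module"]], includes))
        elif e["type"].lstrip("-") == "auth":      # '-auth' marks an optional module line
            out.append(e)
    return out


def audit_auth_stack(text: str, includes: Optional[Dict[str, str]] = None) -> List[str]:
    """Return findings; an empty list means the stack appears to check a credential."""
    stack = auth_entries(text, includes)
    if not stack:
        return ["auth stack is empty: no module ever examines the password"]
    findings: List[str] = []
    if not any(e["module"] in CREDENTIAL_MODULES for e in stack):
        findings.append("no credential-checking module (e.g. pam_unix.so) in auth stack")
    for i, e in enumerate(stack):
        # In the Debian/Ubuntu layout pam_permit is only reached by a success=N jump
        # over pam_deny; without that fallback, falling through is an accept.
        if e["module"] == "pam_permit.so" and not any(
            p["module"] == "pam_deny.so" for p in stack[:i]
        ):
            findings.append("pam_permit.so is reachable with no pam_deny.so fallback before it")
    return findings


def stack_is_suspect(text: str, includes: Optional[Dict[str, str]] = None) -> bool:
    """True when the audit produced at least one finding."""
    return bool(audit_auth_stack(text, includes))


if __name__ == "__main__":
    inc = {"common-auth": GOOD_COMMON_AUTH}
    print("sshd -> good common-auth:", audit_auth_stack(SSHD_PAM, inc) or "OK")
    print("bad common-auth:", audit_auth_stack(BAD_COMMON_AUTH))
```

On a real host, feed it the contents of /etc/pam.d/sshd with an `includes` mapping built from /etc/pam.d/common-auth; a non-empty finding list is a reason to fix the PAM stack before re-running the plugin, while an empty list only means these particular heuristics found nothing.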

See Also

https://bugs.launchpad.net/ubuntu/+source/pam/+bug/410171

https://usn.ubuntu.com/828-1/

Plugin Details

Severity: Critical

ID: 40987

File Name: account_root_randpw.nasl

Version: 1.17

Type: remote

Published: 2009/09/15

Updated: 2018/11/15

Dependencies: 55900, 10267, 17975

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2009/08/07

Reference Information

CVE: CVE-2009-3232

BID: 36306

Secunia: 36620

CWE: 287