SSHD libkeyutils Backdoor

critical Nessus Plugin ID 64913


The remote host may be compromised.


The remote host appears to contain a trojaned libkeyutils library. The trojaned library links to SSHD, steals credentials, and sends spam.


Verify whether or not the system has been compromised. Restore from known good backups and investigate the network for further signs of a compromise, if necessary.

See Also

Plugin Details

Severity: Critical

ID: 64913

File Name: sshd_libkeyutils_backdoor.nasl

Version: 1.6

Type: local

Family: General

Published: 2/27/2013

Updated: 11/27/2023

Supported Sensors: Nessus

Risk Information


Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled