Vulnerabilities > CVE-2019-5021

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

gliderlabs

opensuse

critical

nessus

NVD

Published: 2019-05-08

Updated: 2022-06-13

Summary

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.

Vulnerable Configurations

Part	Description	Count
Application	Gliderlabs Gliderlabs Docker Alpine 3.3 Gliderlabs Docker Alpine 3.4 Gliderlabs Docker Alpine 3.5 Gliderlabs Docker Alpine 3.6 Gliderlabs Docker Alpine 3.7 Gliderlabs Docker Alpine 3.8 Gliderlabs Docker Alpine 3.9	7
Application	F5 F5 BIG IP Controller 1.2.1	1
OS	Alpinelinux Alpinelinux Alpine Linux -	1
OS	Opensuse Opensuse Leap 15.0 Opensuse Leap 15.1	2

Nessus

NASL family	Default Unix Accounts
NASL id	ACCOUNT_ROOT.NASL
description	The account
last seen	2020-06-01
modified	2020-06-02
plugin id	11245
published	2003-02-20
reporter	This script is Copyright (C) 2003-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/11245
title	Unpassworded 'root' Account
code	# # (C) Tenable Network Security, Inc. # account = "root"; include("compat.inc"); if (description) { script_id(11245); script_version ("1.31"); script_cvs_date("Date: 2019/05/08 17:05:59"); script_cve_id("CVE-1999-0502", "CVE-2019-5021"); script_name(english:"Unpassworded 'root' Account"); script_summary(english:"Attempts to log in to the remote host."); script_set_attribute(attribute:"synopsis", value: "The remote host has an account with no password set."); script_set_attribute(attribute:"description", value: "The account 'root' has no password set."); script_set_attribute(attribute:"solution", value: "Set a strong password for this account."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:TF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:T/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'SSH User Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value: "2001/01/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2003/02/20"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"default_account", value:"true"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Default Unix Accounts"); script_copyright(english:"This script is Copyright (C) 2003-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("find_service1.nasl", "ssh_detect.nasl", "account_check.nasl"); script_require_ports("Services/telnet", 23, "Services/ssh", 22); script_exclude_keys("global_settings/supplied_logins_only"); exit(0); } # # The script code starts here : # include("audit.inc"); include("default_account.inc"); include("global_settings.inc"); if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY); if (! thorough_tests && ! get_kb_item("Settings/test_all_accounts")) exit(0, "Neither thorough_tests nor 'Settings/test_all_accounts' is set."); affected = FALSE; ssh_ports = get_service_port_list(svc: "ssh", default:22); foreach port (ssh_ports) { port = check_account(login:account, port:port, svc:"ssh"); if (port) { affected = TRUE; security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report()); } } if(affected) exit(0); telnet_ports = get_service_port_list(svc: "telnet", default:23); foreach port (telnet_ports) { port = check_account(login:account, port:port, svc:"telnet"); if (port) { affected = TRUE; security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report()); } } if(!affected) audit(AUDIT_HOST_NOT, "affected");

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1495.NASL
description	This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues : - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	125718
published	2019-06-05
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125718
title	openSUSE Security Update : system-user-root (openSUSE-2019-1495)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1495. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(125718); script_version("1.2"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2019-5021"); script_name(english:"openSUSE Security Update : system-user-root (openSUSE-2019-1495)"); script_summary(english:"Check for the openSUSE-2019-1495 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues : - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134524" ); script_set_attribute( attribute:"solution", value:"Update the affected system-user-root package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:system-user-root"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0\|SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 15.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"system-user-root-20190513-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"system-user-root-20190513-lp151.3.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "system-user-root"); }

Talos

id	TALOS-2019-0782
last seen	2019-05-29
published	2019-05-08
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0782
title	Alpine Linux Docker Image root User Hard-Coded Credential Vulnerability

Vulnerabilities > CVE-2019-5021 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2019-5021"}]}

Summary

Vulnerable Configurations

Nessus

Talos

References

Vulnerabilities > CVE-2019-5021