Vulnerabilities > CVE-2019-5021
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 | |
| Application | 1 | |
| OS | 1 | |
| OS | 2 |
Nessus
NASL family Default Unix Accounts NASL id ACCOUNT_ROOT.NASL description The account last seen 2020-06-01 modified 2020-06-02 plugin id 11245 published 2003-02-20 reporter This script is Copyright (C) 2003-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/11245 title Unpassworded 'root' Account code # # (C) Tenable Network Security, Inc. # account = "root"; include("compat.inc"); if (description) { script_id(11245); script_version ("1.31"); script_cvs_date("Date: 2019/05/08 17:05:59"); script_cve_id("CVE-1999-0502", "CVE-2019-5021"); script_name(english:"Unpassworded 'root' Account"); script_summary(english:"Attempts to log in to the remote host."); script_set_attribute(attribute:"synopsis", value: "The remote host has an account with no password set."); script_set_attribute(attribute:"description", value: "The account 'root' has no password set."); script_set_attribute(attribute:"solution", value: "Set a strong password for this account."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:TF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:T/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'SSH User Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value: "2001/01/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2003/02/20"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"default_account", value:"true"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Default Unix Accounts"); script_copyright(english:"This script is Copyright (C) 2003-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("find_service1.nasl", "ssh_detect.nasl", "account_check.nasl"); script_require_ports("Services/telnet", 23, "Services/ssh", 22); script_exclude_keys("global_settings/supplied_logins_only"); exit(0); } # # The script code starts here : # include("audit.inc"); include("default_account.inc"); include("global_settings.inc"); if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY); if (! thorough_tests && ! get_kb_item("Settings/test_all_accounts")) exit(0, "Neither thorough_tests nor 'Settings/test_all_accounts' is set."); affected = FALSE; ssh_ports = get_service_port_list(svc: "ssh", default:22); foreach port (ssh_ports) { port = check_account(login:account, port:port, svc:"ssh"); if (port) { affected = TRUE; security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report()); } } if(affected) exit(0); telnet_ports = get_service_port_list(svc: "telnet", default:23); foreach port (telnet_ports) { port = check_account(login:account, port:port, svc:"telnet"); if (port) { affected = TRUE; security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report()); } } if(!affected) audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1495.NASL description This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues : - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 125718 published 2019-06-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125718 title openSUSE Security Update : system-user-root (openSUSE-2019-1495) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1495. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(125718); script_version("1.2"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2019-5021"); script_name(english:"openSUSE Security Update : system-user-root (openSUSE-2019-1495)"); script_summary(english:"Check for the openSUSE-2019-1495 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues : - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134524" ); script_set_attribute( attribute:"solution", value:"Update the affected system-user-root package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:system-user-root"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0|SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 15.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"system-user-root-20190513-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"system-user-root-20190513-lp151.3.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "system-user-root"); }
Talos
| id | TALOS-2019-0782 |
| last seen | 2019-05-29 |
| published | 2019-05-08 |
| reporter | Talos Intelligence |
| source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0782 |
| title | Alpine Linux Docker Image root User Hard-Coded Credential Vulnerability |
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782
- http://www.securityfocus.com/bid/108288
- https://security.netapp.com/advisory/ntap-20190510-0001/
- https://alpinelinux.org/posts/Docker-image-vulnerability-CVE-2019-5021.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00004.html
- https://support.f5.com/csp/article/K25551452