Rapid7 Vulnerability & Exploit Database

Alpine Linux: ssh-keysign is setuid root


Severity: 4
CVSS (v2 vector): (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/27/2014
Created: 07/25/2018
Added: 08/30/2017
Modified: 12/12/2019

Description

The ssh-keysign binary is used only by ssh(1) for host-based authentication, a scheme in which the client host signs the authentication challenge with its own private host key (rather than the user's key) and supplies the local username. Host-based authentication is rarely used and has dubious security properties; the client only invokes ssh-keysign when EnableSSHKeysign is enabled in ssh_config, which is off by default. The program is setuid root solely because the private host keys it signs with are readable only by root. Since a bug in this program could yield local root compromise or expose the private host key to unprivileged users (allowing MITM attacks against ssh logins to that host), it should be considered high-risk and should not be installed setuid by default. It could be moved to a separate optional package or just removed.
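The following audit helper is an added example, not code from the Rapid7 page or from Alpine's openssh package. It locates ssh-keysign at the install paths commonly used by distributions (the list and the function names are assumptions), reports whether the setuid bit is set, and can strip the bit as a local mitigation until the package is upgraded. It uses only POSIX sh and find so it runs under BusyBox on Alpine as well as under GNU userland.

```shell
#!/bin/sh
# Hypothetical audit helper for setuid ssh-keysign (added example, not from
# the Rapid7 page or the Alpine openssh package).

# Candidate install paths; Alpine's openssh package uses /usr/lib/ssh/ssh-keysign,
# other distributions use the remaining entries. This list is an assumption.
KEYSIGN_CANDIDATES="/usr/lib/ssh/ssh-keysign \
/usr/lib/openssh/ssh-keysign \
/usr/libexec/ssh-keysign \
/usr/libexec/openssh/ssh-keysign"

# is_setuid PATH -> exit 0 if PATH is a regular file with the setuid bit set.
# "-perm -4000" matches when the setuid bit is set regardless of the other
# mode bits; "-prune" keeps find from descending, which also makes this safe
# to call on a directory by mistake. Works with both GNU and BusyBox find.
is_setuid() {
    [ -f "$1" ] || return 1
    [ -n "$(find "$1" -prune -perm -4000 -print 2>/dev/null)" ]
}

# find_keysign -> prints the first existing candidate path; exit 1 if none.
find_keysign() {
    for p in $KEYSIGN_CANDIDATES; do
        if [ -f "$p" ]; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

# strip_setuid PATH -> clears the setuid bit and verifies it is gone.
# Stripping the bit breaks host-based authentication (which is off by default),
# so apply it only where that scheme is not in use.
strip_setuid() {
    chmod u-s "$1" || return 1
    ! is_setuid "$1"
}

# audit_keysign -> prints "setuid", "not-setuid" or "absent" for this host.
audit_keysign() {
    p=$(find_keysign) || { echo absent; return 0; }
    if is_setuid "$p"; then
        echo setuid
    else
        echo not-setuid
    fi
}

# Invoked directly: report, and strip the bit when asked with "--fix".
if [ "${0##*/}" = "keysign-audit.sh" ]; then
    state=$(audit_keysign)
    echo "ssh-keysign: $state"
    if [ "$state" = setuid ] && [ "${1:-}" = "--fix" ]; then
        strip_setuid "$(find_keysign)" && echo "setuid bit removed"
    fi
fi
```

Run it as root on the target host; "setuid" means the finding applies. The proper fix is to upgrade the openssh package as the solution below states; stripping the bit is a stopgap that also leaves host-based authentication non-functional for that client, which matters only if EnableSSHKeysign has been turned on in ssh_config.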

Solution(s)

  • alpine-linux-upgrade-openssh
