New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research

Search

Alpine Linux Vulnerabilities

The popular Alpine Linux distribution (distro) has been found to have a very serious security flaw dating back to late 2015. The Alpine Linux distro states that they are a lightweight and security-oriented system that has had a bug in it for the last 3 years which removed the root password requirement and left it open, inadvertently allowing hackers to access the root system of a user’s systems. It was found by researchers that the problem comes from an update that was published in 2015 that accidentally removed this requirement. Attackers are able to use the keyword “root” as the username, leave the password blank and gain access. The affected distros include versions 3.3, 3.4 3.5, 3.6, 3.7, 3.8 and version 3.9. The vulnerability has been reported to be fixed and closed as of March 8th, 2019. The official Alpine Linus distro has been downloaded over 10 million times.

Analyst Notes

If a user is using this distro, the issue was stated to be fixed by the Alpine Linux manufactures in new releases. The user should find the new release and use the newest available. Users should also disable the root login by opening and shell and inputting the following command “RUN sed -i -e ‘s/^root::/root:!:/’ /etc/shadow.” According to Alpine, users should also verify that Linux-pam is not installed.