CCE-90500-0| Platform: cpe:/o:ubuntu:ubuntu_linux:14.10 | Date: (C)2023-07-04 (M)2023-07-04 |
The
<xhtml:code>nosuid</xhtml:code>
mount option prevents set-user-identifier (suid)
and set-group-identifier (sgid) permissions from taking effect. These permissions
allow users to execute binaries with the same permissions as the owner and group
of the file respectively. Users should not be allowed to introduce suid and guid
files into the system via partitions mounted from removeable media.
Add the
<xhtml:code>nosuid</xhtml:code>
option to the fourth column of
<xhtml:code>/etc/fstab</xhtml:code>
for the line which controls mounting of
any removable media partitions.
Parameter:
[]
Technical Mechanism:
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 8.8 | Attack Vector: LOCAL |
| Exploit Score: 2.0 | Attack Complexity: LOW |
| Impact Score: 6.0 | Privileges Required: LOW |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | Scope: CHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:25991 |
