[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-91220-4

Platform: cpe:/o:ubuntu:ubuntu_linux:14.04Date: (C)2017-03-14   (M)2023-07-04



Set User/Group Owner and Permission on /etc/crontab (Scored) The /etc/crontab file is used by cron to control its own jobs. The commands in this item make sure that root is the user and group owner of the file and that only the owner can access the file.


Parameter:

[root group owns, root user owns, permission 600]


Technical Mechanism:

This file contains information on what system jobs are run by cron. Write access to these files could provide unprivileged users with the ability to elevate their privileges. Read access to these files could provide users with the ability to gain insight on system jobs that run on the system and could provide them a way to gain unauthorized privileged access. Fix: # chown root:root /etc/crontab # chmod og-rwx /etc/crontab

CCSS Severity:CCSS Metrics:
CCSS Score : 4.2Attack Vector: LOCAL
Exploit Score: 0.8Attack Complexity: LOW
Impact Score: 3.4Privileges Required: HIGH
Severity: MEDIUMUser Interaction: NONE
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LScope: UNCHANGED
 Confidentiality: LOW
 Integrity: LOW
 Availability: LOW
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:33918


OVAL    1
oval:org.secpod.oval:def:33918
XCCDF    1
xccdf_org.secpod_benchmark_general_Ubuntu_14_04

© SecPod Technologies