CCE-94347-2
Platform: cpe:/o:oracle:linux:8, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9 | Date: (C)2019-11-07 (M)2023-07-04
The 'openldap-servers' package should be removed if not in use.
Is this machine the OpenLDAP server? If not, remove the package:
    $ sudo yum erase openldap-servers
The openldap-servers RPM is not installed by default on OEL 8
machines. It is needed only by the OpenLDAP server, not by the
clients which use LDAP for authentication. If the system is not
intended for use as an LDAP server, it should be removed.
Parameter:
[no/yes]
Technical Mechanism:
To decrease the attack surface of the system, unnecessary packages
should not be installed. While this software is clearly essential on an LDAP
server, it is not necessary on typical desktop or workstation systems.
CCSS Severity:
CCSS Score: 8.0
Exploit Score: 1.3
Impact Score: 6.0
Severity: HIGH
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CCSS Metrics:
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:55755 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84067 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72192 |