CCE-95470-1| Platform: cpe:/o:amazon:linux:2, cpe:/o:centos:centos:7, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9 | Date: (C)2021-03-05 (M)2023-07-04 |
Description:
Any account with UID 0 has superuser privileges on the system.
Rationale:
This access must be limited to only the default root account and only from the system
console. Administrative access must be through an unprivileged account using an approved
mechanism as noted in Item 5.6 Ensure access to the su command is restricted.
Audit:
Run the following command and verify that only "root" is returned:
# awk -F: '($3 == 0) { print $1 }' /etc/passwd
root
Remediation:
Remove any users other than root with UID 0 or assign them a new UID if appropriate.
Parameter:
[yes/no]
Technical Mechanism:
Remove any users other than root with UID 0 or assign them a new UID if appropriate.
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 8.8 | Attack Vector: LOCAL |
| Exploit Score: 2.0 | Attack Complexity: LOW |
| Impact Score: 6.0 | Privileges Required: LOW |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | Scope: CHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72810 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72121 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72916 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84292 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:73021 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72707 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:68621 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72418 |
