CCE-95471-9
Platform: cpe:/o:amazon:linux:2, cpe:/o:centos:centos:7, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9
Date: (C)2021-03-05 (M)2023-07-04
Description:
Although the groupadd program will not let you create a duplicate Group ID (GID), it is
possible for an administrator to manually edit the /etc/group file and change the GID field.
Rationale:
User groups must be assigned unique GIDs for accountability and to ensure appropriate
access protections.
Audit:
Run the following script and verify
#!/bin/bash
# Field 3 of /etc/group is the GID; uniq -d prints only values that repeat.
cut -d: -f3 /etc/group | sort | uniq -d | while read -r x ; do
    echo "Duplicate GID ($x) in /etc/group"
done
Remediation:
Based on the results of the audit script, establish unique GIDs and review all files owned by
the shared GID to determine which group they are supposed to belong to.
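To support the remediation step above, the following added example (not part of the original benchmark text) reports each duplicated GID together with the group names that share it, and lists the files owned by a given GID for review. The function names dup_gids, files_for_gid and sample_group, and the sample data, are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: show which groups share a GID, then find the files to review.
# All function names and the sample data are hypothetical.

# dup_gids [FILE]: print "GID:name1,name2,..." for every GID used more than once.
dup_gids() {
    awk -F: '
        $0 == "" || $3 == "" { next }   # skip blank or malformed lines
        {
            # first sighting stores the name, later ones append to it
            if (count[$3]++) names[$3] = names[$3] "," $1
            else names[$3] = $1
        }
        END { for (g in count) if (count[g] > 1) print g ":" names[g] }
    ' "${1:-/etc/group}" | sort -t: -k1,1n
}

# files_for_gid GID [ROOT]: list files group-owned by GID, staying on one filesystem.
files_for_gid() {
    find "${2:-/}" -xdev -gid "$1" -print 2>/dev/null
}

# Constructed sample in /etc/group format (not taken from a real system).
sample_group() {
    cat <<'EOF'
root:x:0:
wheel:x:10:alice
developers:x:1001:alice,bob
contractors:x:1001:carol
audit:x:1002:
backup:x:10:
EOF
}

# Demo on the constructed sample; on a real host call dup_gids with no argument.
tmp=$(mktemp)
sample_group > "$tmp"
dup_gids "$tmp"
rm -f "$tmp"
```

After one of the colliding groups has been given a new GID, run files_for_gid with the old GID and use chgrp to move each file to the group it is supposed to belong to.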
Notes:
You can also use the grpck command to check for other inconsistencies in the /etc/group
file.
Parameter:
[yes/no]
Technical Mechanism:
Based on the results of the audit script, establish unique GIDs and review all files owned by
the shared GID to determine which group they are supposed to belong to.
CCSS Severity:
CCSS Score: 8.8
Exploit Score: 2.0
Impact Score: 6.0
Severity: HIGH
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CCSS Metrics:
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72917 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84290 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72050 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:68622 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:73022 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72708 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72416 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72811 |