CCE-95472-7
Platform: cpe:/o:amazon:linux:2, cpe:/o:centos:centos:7, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9 | Date: (C)2021-03-05 (M)2023-07-04 |
Description:
Although the useradd program will not let you create a duplicate User ID (UID), it is
possible for an administrator to manually edit the /etc/passwd file and change the UID
field.
Rationale:
Users must be assigned unique UIDs for accountability and to ensure appropriate access
protections.
Audit:
Run the following script and verify no results are returned:
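#!/bin/bash
# Count how often each UID (field 3 of /etc/passwd) occurs and report any UID seen more than once.
cut -f3 -d":" /etc/passwd | sort -n | uniq -c | while read -r count uid; do
    [ -z "$count" ] && break
    if [ "$count" -gt 1 ]; then
        # Collect every account name that carries this UID.
        users=$(awk -F: '($3 == n) { print $1 }' n="$uid" /etc/passwd | xargs)
        echo "Duplicate UID ($uid): $users"
    fi
done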
Remediation:
Based on the results of the audit script, establish unique UIDs and review all files owned by
the shared UIDs to determine which UID they are supposed to belong to.
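The file review described above can be scripted as follows. This is an added example, not part of the benchmark text: the function names `duplicate_uids` and `shared_uid_report` are hypothetical, and the passwd path and search root are parameters so the logic can first be tried on a copy.

```shell
#!/bin/bash
# Added example: inventory to support remediation of duplicate UIDs.
# Assumption: passwd path and search root are passed in; on a real host
# these would be /etc/passwd and / (run as root to see every file).

# Print "uid:name1,name2,..." for each UID that appears on more than one line.
duplicate_uids() {
    awk -F: '
        NF >= 3 && $1 !~ /^#/ {
            count[$3]++
            names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1)
        }
        END { for (u in count) if (count[u] > 1) print u ":" names[u] }
    ' "$1" | sort -t: -k1,1n
}

# For each duplicate UID, list the accounts that share it and every file the
# UID owns under the search root, so ownership can be reassigned once each
# account has its own UID. -xdev keeps find on one filesystem; -user with a
# numeric argument matches by UID when no account has that number as its name.
shared_uid_report() {
    local passwd_file=$1 root=$2 uid names
    duplicate_uids "$passwd_file" | while IFS=: read -r uid names; do
        echo "UID $uid shared by: $names"
        find "$root" -xdev -user "$uid" -print 2>/dev/null | sed 's/^/    /'
    done
}

# Usage on a real host: shared_uid_report /etc/passwd /
```

The owner of each listed file still has to be decided by hand; after an account receives its new UID, `chown` the files that belong to it.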
Parameter:
[yes/no]
Technical Mechanism:
Based on the results of the audit script, establish unique UIDs and review all files owned by
the shared UIDs to determine which UID they are supposed to belong to.
CCSS Severity: | CCSS Metrics: |
---|---|
CCSS Score: 8.8 | Attack Vector: LOCAL |
Exploit Score: 2.0 | Attack Complexity: LOW |
Impact Score: 6.0 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | Scope: CHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:73023 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72709 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72044 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:68623 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72410 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72918 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72812 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84284 |