CCE-95711-8 | Platform: cpe:/o:ubuntu:ubuntu_linux:20.04 | Date: (C)2023-12-20 (M)2023-12-20
Description: The ptrace() system call provides a means by which one process (the "tracer") may observe and control the execution of another process (the "tracee"), and examine and change the tracee's memory and registers.
Rationale:
If one application is compromised, an attacker could attach to other processes running as the same user (e.g. Bash, Firefox, SSH sessions, the GPG agent, etc.) to extract additional credentials and continue to expand the scope of their attack.
Enabling restricted mode limits the ability of a compromised process to PTRACE_ATTACH to other processes running under the same user. With restricted mode, ptrace continues to work for the root user.
Remediation:
Set the following parameter in /etc/sysctl.conf or a file in /etc/sysctl.d/ ending in .conf:
kernel.yama.ptrace_scope = 1
Parameter:
[Yes/No]
Technical Mechanism:
Set the following parameter in /etc/sysctl.conf or a file in /etc/sysctl.d/ ending in .conf:
kernel.yama.ptrace_scope = 1
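The Remediation and Technical Mechanism sections above describe the same one-line setting. The following POSIX shell helper is an added example, not part of the CCE record or of any SecPod tooling: it parses a sysctl-style drop-in the way `sysctl --system` reads it (last assignment wins, `#`/`;` comments and blank lines ignored), judges whether the stored value is restricted, reads the live value from `/proc/sys`, and can write the remediation drop-in. The drop-in path `/etc/sysctl.d/10-ptrace.conf` and the `--check` flag are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and remediate kernel.yama.ptrace_scope.
# Not part of the CCE-95711-8 record; paths and flags are assumed.

SYSCTL_KEY="kernel.yama.ptrace_scope"
# Assumed drop-in location; override with PTRACE_DROPIN=/path/to/file.
DROPIN="${PTRACE_DROPIN:-/etc/sysctl.d/10-ptrace.conf}"

# Print the last effective value assigned to $1 in sysctl-style text on stdin.
# Accepts "key = value" and "key=value"; skips comments (# or ;) and blanks.
sysctl_value_from_conf() {
    awk -v k="$1" '
        /^[[:space:]]*[#;]/ { next }          # comment line
        /^[[:space:]]*$/    { next }          # blank line
        {
            line = $0
            sub(/^[[:space:]]*/, "", line)
            n = index(line, "=")
            if (n == 0) next                  # not an assignment
            name = substr(line, 1, n - 1); val = substr(line, n + 1)
            gsub(/[[:space:]]/, "", name)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", val)
            if (name == k) last = val         # later lines override earlier ones
        }
        END { if (last != "") print last }'
}

# Succeed when the value is "restricted" (1) or stricter (2 admin-only, 3 none).
ptrace_scope_ok() {
    case "$1" in
        1|2|3) return 0 ;;
        *)     return 1 ;;
    esac
}

# Live kernel value, or "missing" when Yama is not available on this kernel.
running_ptrace_scope() {
    if [ -r /proc/sys/kernel/yama/ptrace_scope ]; then
        cat /proc/sys/kernel/yama/ptrace_scope
    else
        echo missing
    fi
}

# Write the remediation line from the record into the file given as $1.
write_ptrace_dropin() {
    printf '%s = 1\n' "$SYSCTL_KEY" > "$1"
}

# Assess one drop-in file: prints "compliant" or "noncompliant: <reason>".
assess_dropin() {
    f="$1"
    [ -r "$f" ] || { echo "noncompliant: $f not readable"; return 1; }
    v=$(sysctl_value_from_conf "$SYSCTL_KEY" < "$f")
    [ -n "$v" ] || { echo "noncompliant: $SYSCTL_KEY not set in $f"; return 1; }
    ptrace_scope_ok "$v" || { echo "noncompliant: $SYSCTL_KEY = $v"; return 1; }
    echo compliant
}

# Report both the persistent (drop-in) and the running state of the control.
check_system() {
    echo "drop-in $DROPIN: $(assess_dropin "$DROPIN")"
    live=$(running_ptrace_scope)
    if ptrace_scope_ok "$live"; then
        echo "running kernel: $SYSCTL_KEY = $live (compliant)"
    else
        echo "running kernel: $SYSCTL_KEY = $live (noncompliant)"
    fi
}

# Run the system check only when invoked as: sh ptrace_scope_check.sh --check
[ "${1:-}" = "--check" ] && check_system
```

Both halves matter for this control: a correct drop-in without `sysctl --system` (or a reboot) leaves the running kernel at its old value, and a `sysctl -w` applied by hand without a drop-in does not survive a reboot; the check above reports them separately so the gap is visible.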
CCSS Severity:
| CCSS Score | 7.0 |
| Exploit Score | 1.0 |
| Impact Score | 5.9 |
| Severity | HIGH |
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |

CCSS Metrics:
| Attack Vector | LOCAL |
| Attack Complexity | HIGH |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
References:
| Resource Id | Reference |
|---|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:95936 |