CCE-95742-3Platform: cpe:/o:ubuntu:ubuntu_linux:20.04 | Date: (C)2023-12-20 (M)2023-12-20 |
Description: The autorun-never setting allows the GNOME Desktop Display Manager to disable autorun through GDM.
By using the lockdown mode in dconf, you can prevent users from changing specific settings.
To lock down a dconf key or subpath, create a locks subdirectory in the keyfile directory. The files inside this directory contain a list of keys or subpaths to lock. Just as with the keyfiles, you may add any number of files to this directory.
Rationale:
Malware on removable media may taking advantage of Autorun features when the media is inserted into a system and execute. Fix: Edit or create the file /etc/dconf/db/local.d/locks/00-media-autorun and edit or add the following line:
/org/gnome/desktop/media-handling/autorun-never And run the following command to update dconf database:# dconf update
Parameter:
[Yes/No]
Technical Mechanism:
Edit or create the file /etc/dconf/db/local.d/locks/00-media-autorun and edit or add the following:
[org/gnome/desktop/media-handling]
And run the following command to update dconf database:
# dconf update
CCSS Severity: | CCSS Metrics: |
CCSS Score : 6.8 | Attack Vector: PHYSICAL |
Exploit Score: 0.9 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:95929 |