3.2.5 CDE - sgid/suid binary lockdown - /usr/dt/bin/dtaction

Information

CDE buffer overflow vulnerabilities may be exploited by a local user to obtain root privilege via suid/sgid programs owned by root:bin or root:sys.

Rationale:

CDE has been associated with major security risks, most of which are buffer overflow vulnerabilities. These vulnerabilities may be exploited by a local user to obtain root privilege via suid/sgid programs owned by root:bin or root:sys. It is recommended that the CDE binaries have the suid/sgid removed.

Solution

Remove the suid/sgid from the following CDE binaries:

chmod ug-s /usr/dt/bin/dtaction
chmod ug-s /usr/dt/bin/dtappgather
chmod ug-s /usr/dt/bin/dtprintinfo
chmod ug-s /usr/dt/bin/dtsession

Default Value:

N/A

See Also

https://workbench.cisecurity.org/files/4119

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 947962d00954fc9a88a4117808bc863ad15e8e7b44b6236367d76a3a9c7adb39