CCE-91531-4Platform: cpe:/o:apple:mac_os_x:10.12 | Date: (C)2018-02-22 (M)2023-07-04 |
Verify user who owns the file /usr/bin/rsh
The owner of the rsh executable must be root. The rsh utility copies its standard input to the remote command, the standard output of the remote command to its standard output, and the standard error of the remote command to its standard error. Interrupt, quit and terminate signals are propagated to the remote command; rsh normally terminates when the remote command does.
Parameter:
[Root_User]
Technical Mechanism:
/usr/bin/rsh set via chown
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.4 | Attack Vector: LOCAL |
Exploit Score: 2.5 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:44162 |