CCE-91532-2| Platform: cpe:/o:apple:mac_os_x:10.12 | Date: (C)2018-02-22 (M)2023-07-04 |
Verify group who owns the file /usr/bin/rsh
The group of the rsh executable must be wheel. The rsh utility copies its standard input to the remote command, the standard output of the remote command to its standard output, and the standard error of the remote command to its standard error. Interrupt, quit and terminate signals are propagated to the remote command; rsh normally terminates when the remote command does.
Parameter:
[Root_Group]
Technical Mechanism:
/usr/bin/rsh set via chgrp
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 8.4 | Attack Vector: LOCAL |
| Exploit Score: 2.5 | Attack Complexity: LOW |
| Impact Score: 5.9 | Privileges Required: NONE |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:44163 |
