CCE-92993-5Platform: cpe:/o:ubuntu:ubuntu_linux:19.04 | Date: (C)2019-11-07 (M)2023-07-04 |
Ensure echo is not enabled
echo is a network service that responds to clients with the data sent to it by the client. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.
Parameter:
[no/yes]
Technical Mechanism:
Disabling this service will reduce the remote attack surface of the system.
Fix:
Remove or comment out any echo lines in /etc/inetd.conf:
#echo stream tcp nowait root internal
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.4 | Attack Vector: PHYSICAL |
Exploit Score: 0.7 | Attack Complexity: LOW |
Impact Score: 4.7 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: LOW |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:55206 |