CCE-92465-4Platform: oel7 | Date: (C)2019-11-07 (M)2022-10-10 |
Ensure tftp Daemon Uses Secure Mode
If running the 'tftp' service is necessary, it should be configured
to change its root directory at startup. To do so, ensure
'/etc/xinetd.d/tftp' includes '-s' as a command line argument, as shown in
the following example (which is also the default):
'server_args = -s /var/lib/tftpboot'
Parameter:
Technical Mechanism:
Using the '-s' option causes the TFTP service to only serve files from the
given directory. Serving files from an intentionally-specified directory
reduces the risk of sharing files which should remain private.
Fix:
No Remediation Info
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:49407 |