CCE-95402-4Platform: cpe:/o:amazon:linux:2, cpe:/o:centos:centos:7, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9 | Date: (C)2021-03-05 (M)2023-07-04 |
Description
The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database.
Rationale
If the system will not need to act as an LDAP client, it is recommended that the software be removed to reduce the potential attack surface..
Audit
Run the following commands to verify openldap-clients is not installed:
# rpm -q openldap-clients
package openldap-clients is not installed
Remediation
Run the following command to uninstall openldap-clients:
# yum remove openldap-clients
Impact
Removing the LDAP client will prevent or inhibit using LDAP for authentication in your environment.
Parameter:
[yes/no]
Technical Mechanism:
Run the following command to uninstall openldap-clients:
# yum remove openldap-clients
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.2 | Attack Vector: LOCAL |
Exploit Score: 1.5 | Attack Complexity: LOW |
Impact Score: 6.0 | Privileges Required: HIGH |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | Scope: CHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72365 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72849 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:68554 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:71999 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72639 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72742 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84239 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72954 |