[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-96100-3

Platform: cpe:/o:suse:suse_linux_enterprise_server:15Date: (C)2022-09-27   (M)2023-07-04



The executable search path (typically the PATH environment variable) contains a list of directories for the shell to search to find executables. If this path includes the current working directory (other than the user's home directory), executables in these directories may be executed instead of system commands. This variable is formatted as a colon-separated list of directories. If there is an empty entry, such as a leading or trailing colon or two consecutive colons, this is interpreted as the current working directory. If deviations from the default system search path for the local interactive user are required, they must be documented with the Information System Security Officer (ISSO).


Parameter:

[yes/no]


Technical Mechanism:

Fix:Edit the SUSE operating system local interactive user initialization files to change any PATH variable statements for executables that reference directories other than their home directory. If a local interactive user requires path variables to reference a directory owned by the application, it must be documented with the ISSO.

CCSS Severity:CCSS Metrics:
CCSS Score : 7.7Attack Vector: LOCAL
Exploit Score: 2.5Attack Complexity: LOW
Impact Score: 5.2Privileges Required: NONE
Severity: HIGHUser Interaction: NONE
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: HIGH
 Availability: NONE
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:84334


OVAL    1
oval:org.secpod.oval:def:84334
XCCDF    1
xccdf_org.secpod_benchmark_general_SLES_15

© SecPod Technologies