[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-95036-0

Platform: cpe:/o:ubuntu:ubuntu_linux:20.04, cpe:/o:ubuntu:ubuntu_linux:22.04, cpe:/o:ubuntu:ubuntu_linux:23.04Date: (C)2020-10-15   (M)2023-09-01



The X11Forwarding parameter provides the ability to tunnel X11 traffic through the connection to enable remote graphic connections. Rationale: Disable X11 forwarding unless there is an operational requirement to use X11 applications directly. There is a small risk that the remote X11 servers of users who are logged in via SSH with X11 forwarding could be compromised by other users on the X11 server. Note that even if X11 forwarding is disabled, users can always install their own forwarders. Fix: Edit the /etc/ssh/sshd_config file to set the parameter as follows: X11Forwarding no


Parameter:

[no/yes]


Technical Mechanism:

Edit the /etc/ssh/sshd_config file to set the parameter as follows: X11Forwarding no

CCSS Severity:CCSS Metrics:
CCSS Score : 7.0Attack Vector: LOCAL
Exploit Score: 1.0Attack Complexity: HIGH
Impact Score: 5.9Privileges Required: LOW
Severity: HIGHUser Interaction: NONE
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: HIGH
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:65942
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:85112
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:92205


OVAL    3
oval:org.secpod.oval:def:92205
oval:org.secpod.oval:def:65942
oval:org.secpod.oval:def:85112
XCCDF    3
xccdf_org.secpod_benchmark_general_Ubuntu_23.04
xccdf_org.secpod_benchmark_general_Ubuntu_22.04
xccdf_org.secpod_benchmark_general_Ubuntu_20.04

© SecPod Technologies