CCE-95074-1| Platform: cpe:/o:debian:debian_linux:11.x, cpe:/o:ubuntu:ubuntu_linux:20.04, cpe:/o:ubuntu:ubuntu_linux:22.04, cpe:/o:ubuntu:ubuntu_linux:23.04 | Date: (C)2020-10-15 (M)2023-09-01 |
The PermitUserEnvironment option allows users to present environment options to the ssh daemon.
Rationale:
Permitting users the ability to set environment variables through the SSH daemon could potentially allow users to bypass security controls (e.g. setting an execution path that has ssh executing trojand programs)
Fix:
Edit the /etc/ssh/sshd_config file to set the parameter as follows:
PermitUserEnvironment no
Parameter:
[yes/no]
Technical Mechanism:
Edit the /etc/ssh/sshd_config file to set the parameter as follows:
PermitUserEnvironment no
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 7.4 | Attack Vector: LOCAL |
| Exploit Score: 1.4 | Attack Complexity: HIGH |
| Impact Score: 5.9 | Privileges Required: NONE |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:87282 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:92258 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:65925 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:85150 |
