CCE-95782-9Platform: cpe:/o:ubuntu:ubuntu_linux:20.04 | Date: (C)2024-02-12 (M)2024-02-12 |
It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vector. The rsh service has known security vulnerabilities, and its use can expose the system to various attacks, including unauthorized access, information disclosure, and man-in-the-middle attacks.
Fixtext:
Configure the Ubuntu operating system to disable non-essential capabilities by removing the rsh-server package from the system with the following command:
$ sudo apt-get remove rsh-server
Parameter:
[Yes/No]
Technical Mechanism:
Configure the Ubuntu operating system to disable non-essential capabilities by removing the rsh-server package from the system with the following command:
$ sudo apt-get remove rsh-server
CCSS Severity: | CCSS Metrics: |
CCSS Score : 4.3 | Attack Vector: ADJACENT_NETWORK |
Exploit Score: 2.8 | Attack Complexity: LOW |
Impact Score: 1.4 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: NONE |
| Availability: NONE |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97835 |