VID | 14118 |
Severity | 10 |
Port | 22 |
Protocol | TCP |
Class | LSC |
Detailed Description |
The user home directory is the directory where the user performs tasks after logging in. The user's environment is configured by the environment file settings in the user's home directory, and the following security problems may occur due to the absence of the home directory.
1. If the home directory does not exist, or the home directory of a general user (an account other than root) is set to '/', the user's current directory after login will be '/', which may cause problems in management and security.
2. If there is a hidden directory in the home directory, it may be something that an unauthorized user has created to hide files.
3. If there is an illegal executable file with the name of a system command in the home directory, entering the system command by relative path can cause the illegal file to be executed.
* Affected platforms: UNIX, Linux |
Recommendation |
You can set up the home directory as follows:
1. Delete a user account without a home directory
   - SunOS, LINUX, HP-UX settings: # userdel <user_name>
   - AIX settings: # rmuser <user_name>
2. Specify a home directory for a user account that does not have a home directory
   # vi /etc/passwd
   test:x:501:501::/home/test:/bin/bash (/home/test = home directory)
   test:x:501:501::/data:/bin/bash (modify home directory /home/test -> /data) |
Related URL | (CVE) |
Related URL | (SecurityFocus) |
Related URL | (ISS) |
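One way to audit a host for the three conditions in the description, as an added example that is not part of the original advisory or of any scanner's own check. The function names, the report labels, the `ROOT_PREFIX` argument and the `SYSTEM_DIRS` variable are assumptions of this example, and root is identified by UID 0.

```shell
#!/bin/sh
# Usage: sh audit_homes.sh /etc/passwd

# audit_homes PASSWD_FILE [ROOT_PREFIX]
# Reports accounts whose home directory is unset, missing, or '/' for a
# non-root account. ROOT_PREFIX lets the check run against a mounted
# image or a constructed test tree instead of the live filesystem.
audit_homes() {
    passwd_file=$1
    prefix=${2:-}
    while IFS=: read -r user _pw uid _gid _gecos home _shell || [ -n "$user" ]; do
        case $user in ''|'#'*) continue ;; esac
        if [ -z "$home" ]; then
            echo "$user:NO_HOME_SET"
        elif [ "$home" = "/" ] && [ "$uid" != "0" ]; then
            echo "$user:HOME_IS_ROOT_DIR"
        elif [ ! -d "$prefix$home" ]; then
            echo "$user:HOME_MISSING:$home"
        fi
    done < "$passwd_file"
}

# audit_home_contents HOME_DIR
# Reports hidden directories (including names such as '...') and executable
# files in HOME_DIR whose name matches a command in the system directories.
audit_home_contents() {
    dir=$1
    for entry in "$dir"/.[!.]* "$dir"/..?* "$dir"/*; do
        [ -e "$entry" ] || continue      # unmatched glob pattern
        name=${entry##*/}
        case $name in
            .*) if [ -d "$entry" ]; then echo "HIDDEN_DIR:$entry"; fi ;;
        esac
        if [ -f "$entry" ] && [ -x "$entry" ]; then
            for sysdir in ${SYSTEM_DIRS:-/bin /usr/bin /sbin /usr/sbin}; do
                if [ -e "$sysdir/$name" ]; then
                    echo "SHADOWS_COMMAND:$entry"
                    break
                fi
            done
        fi
    done
    return 0
}

if [ "$#" -ge 1 ]; then audit_homes "$@"; fi
```

Findings are candidates for review rather than confirmed problems: service accounts are often given a nonexistent home directory on purpose, and hidden directories such as `.ssh` are normal.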