| VID |
14135 |
| Severity |
30 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
The host system's /var/log/wtmp* /var/log/utmp* log file's permission or owner is unsafe. /var/log/wtmp* /var/log/utmp* files are log files or backup files of the user information connected to the system.
If this file is exposed, serious security problems can occur. So normal users need to be prohibited from accessing this file.
* Platforms Affected:
UNIX, Linux |
| Recommendation |
Reset permissions of the file lower than 600 as the following
chmod 600 /var/log/wtmp*
chmod 600 /var/log/utmp*
if the owner of the file is not root, change the owner
chown root /var/log/wtmp*
chown root /var/log/utmp* |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
