Detections
Analytics
GEN007960 - The 'ldd' command must be disabled unless it protects against the execution of untrusted files.
Information
The 'ldd' command provides a list of dependent libraries needed by a given binary, which is useful for troubleshooting software. Instead of parsing the binary file, some 'ldd' implementations invoke the program with a special environment variable set, which causes the system dynamic linker to display the list of libraries. Specially crafted binaries can specify an alternate dynamic linker which may cause a program to be executed instead of examined. If the program is from an untrusted source, such as in a user home directory, or a file suspected of involvement in a system compromise, unauthorized software may be executed with the rights of the user running 'ldd'.Solution
Remove the execute permissions from the 'ldd' executable.Procedure:
# chmod a-x /usr/bin/ldd
See Also
http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip
Item Details
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-7, CAT|II, CCI|CCI-000305, Group-ID|V-23953, Rule-ID|SV-37621r2_rule, STIG-ID|GEN007960, Vuln-ID|V-23953
Plugin: Unix
Control ID: f14084fcd3e530a9d54bdb83e84666c096e45b8be78f3d78f3b2f36cb5daebd7