STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021

The AIX ldd command must be disabled.

DISA Rule

SV-215329r508663_rule

Vulnerability Number

V-215329

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AIX7-00-003016

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Disable the "ldd" command by removing its permissions using the command:
# chmod 0000 <path to ldd>

Check Contents

Consult vendor documentation concerning the "ldd" command.

If the command provides protection from the execution of untrusted executables, this is not a finding.

Determine the location of the system's "ldd" command:
# find / -name ldd

If no file exists, this is not a finding.

Check the permissions of the found "ldd" file:

# ls -lL <path to ldd>
---------- 1 bin bin 6289 Feb 28 2017 /usr/bin/ldd

If the file mode of the file is more permissive than "0000", this is a finding.
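
The find and permission steps of this check can be scripted. The POSIX shell functions below are an added example, not part of the STIG text or of vendor tooling; the names mode_of and audit_ldd and the OK/FINDING/ERROR report format are assumptions made here.

```shell
#!/bin/sh
# Added example: scripts the manual ldd check. Names and report format are assumptions.

# mode_of PATH: print the nine permission characters that "ls -lL" shows for PATH
# (symbolic links followed). Set-uid, set-gid and sticky bits appear here as
# S or T, so only a true 0000 mode prints "---------".
mode_of() {
    ls -lLd "$1" 2>/dev/null | awk '{ print substr($1, 2, 9) }'
}

# audit_ldd [ROOT]: locate every non-directory named "ldd" under ROOT (default /)
# and print one line per hit. Returns 0 when nothing needs attention, including
# when no ldd exists, and 1 when any hit is more permissive than 0000 or cannot
# be inspected (for example a dangling symbolic link).
audit_ldd() {
    report=$(find "${1:-/}" -name ldd ! -type d 2>/dev/null |
        while IFS= read -r f; do
            m=$(mode_of "$f")
            case "$m" in
                ---------) echo "OK $m $f" ;;
                "")        echo "ERROR unreadable $f" ;;
                *)         echo "FINDING $m $f" ;;
            esac
        done)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
    fi
    if printf '%s\n' "$report" | grep -Eq '^(FINDING|ERROR) '; then
        return 1
    fi
    return 0
}
```

Run audit_ldd / as root so that find can traverse every directory. The vendor-documentation step of the check still has to be done by hand.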

Documentable

False

Severity Override Guidance

Consult vendor documentation concerning the "ldd" command.

If the command provides protection from the execution of untrusted executables, this is not a finding.

Determine the location of the system's "ldd" command:
# find / -name ldd

If no file exists, this is not a finding.

Check the permissions of the found "ldd" file:

# ls -lL <path to ldd>
---------- 1 bin bin 6289 Feb 28 2017 /usr/bin/ldd

If the file mode of the file is more permissive than "0000", this is a finding.

Check Content Reference

M

Target Key

4012

Comments