Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-38640 | RHEL-06-000261 | SV-50441r2_rule | Low |
Description |
---|
Mishandling crash data could expose sensitive information about vulnerabilities in software executing on the local machine, as well as sensitive information from within a process's address space or registers. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2017-04-28 |
Check Text ( None ) |
---|
None |
Fix Text (F-43589r2_fix) |
---|
The Automatic Bug Reporting Tool ("abrtd") daemon collects and reports crash data when an application crash is detected. Using a variety of plugins, abrtd can email crash reports to system administrators, log crash reports to files, or forward crash reports to a centralized issue tracking system such as RHTSupport. The "abrtd" service can be disabled with the following commands: # chkconfig abrtd off # service abrtd stop |