Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The limitpriv zone option must be set to the vendor default or less permissive.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22608 | GEN000000-SOL00640 | SV-27023r1_rule | ECLP-1 | Medium |
| Description |
|---|
| Solaris zones can be assigned privileges generally reserved for the global zone using the limitpriv zone option. Any privilege assignments in excess of the vendor defaults may provide the ability for a non-global zone to compromise the global zone. |
| STIG | Date |
|---|---|
| SOLARIS 10 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2016-06-22 |
Details
| Check Text ( C-27954r1_chk ) |
|---|
| If the system is not a global zone, this vulnerability is not applicable. List the non-global zones on the system. # zoneadm list -vi List the configuration for each zone. # zonecfg -z Check the limitpriv lines. If a line set other than default, this is a finding. If limitpriv is not set, this is not a finding. |
| Fix Text (F-24290r1_fix) |
|---|
| Change the limitpriv setting to default. # zonecfg -z |