UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The limitpriv zone option must be set to the vendor default or less permissive.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22608 GEN000000-SOL00640 SV-27023r1_rule ECLP-1 Medium
Description
Solaris zones can be assigned privileges generally reserved for the global zone using the limitpriv zone option. Any privilege assignments in excess of the vendor defaults may provide the ability for a non-global zone to compromise the global zone.
STIG Date
SOLARIS 10 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2018-04-10

Details

Check Text ( C-27954r1_chk )
If the system is not a global zone, this vulnerability is not applicable.
List the non-global zones on the system.
# zoneadm list -vi
List the configuration for each zone.
# zonecfg -z info
Check the limitpriv lines. If a line set other than default, this is a finding. If limitpriv is not set, this is not a finding.
Fix Text (F-24290r1_fix)
Change the limitpriv setting to default.
# zonecfg -z set limitpriv=default