Workload misconfigurations

Insecure Executable

Risk Level

Informational (4)

Platform(s)

  • N/A

Description

It was found that the tool '{InsecureExecutable}' is configured with Set-UID and owned by user 'root'. Certain Linux executables, when configured in this way, can be used to bypass local security restrictions and lead to privilege escalation.

  • Recommended Mitigation

    Consider removing the Set-UID privilege from the file, and limit the use of such binaries to users by granting them specific command permissions using the 'sudoers' functionality

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.