Misleading Vulnerability: Disabled CONFIG_SECURITY_YAMA with Misconfigured /etc/sysctl.d/10-ptrace.conf

Misleading Vulnerability: Disabled CONFIG_SECURITY_YAMA with Misconfigured /etc/sysctl.d/10-ptrace.conf

CVE-2019-15325 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not.

Learn more about our Web Application Penetration Testing UK.