Title

The operating system must disable information system functionality that provides the capability for automatic execution of code on mobile devices without user direction. (Cat II impact)

Discussion

Mobile devices include portable storage media (e.g., USB memory sticks, external hard disk drives) and portable computing and communications devices with information storage capability (e.g., notebook/laptop computers, personal digital assistants, cellular telephones, digital cameras, audio recording devices). Auto execution vulnerabilities can result in malicious programs being automatically executed. Examples of information system functionality providing the capability for automatic execution of code are Auto Run and Auto Play. Auto Run and Auto Play are components of the Microsoft Windows operating system that dictate what actions the system takes when a drive is mounted. This requirement is designed to address vulnerabilities that arise when mobile devices such as USB memory sticks or other mobile storage devices are automatically mounted and applications are automatically invoked without user knowledge or acceptance.

Check Content

This check applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this check applies. Determine if the removable media volume manager is running. # svcs -Ho state svc:/system/filesystem/rmvolmgr:default If the output reports that the service is "online", this is a finding.

Fix Text

The Service Management profile is required. This action applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this action applies. Disable the rmvolmgr service. # pfexec svcadm disable svc:/system/filesystem/rmvolmgr:default

Additional Identifiers

Rule ID: SV-219972r958548_rule

Vulnerability ID: V-219972

Group Title: SRG-OS-000183

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.