Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22576 | GEN008420 | SV-38831r1_rule | ECSC-1 | Low |
Description |
---|
Successful exploitation of buffer overflow vulnerabilities relies in some measure on the executing program having a predictable address structure. Address randomization techniques reduce the probability of a successful exploit. |
STIG | Date |
---|---|
AIX 5.3 Security Technical Implementation Guide | 2012-05-25 |
Check Text ( C-37086r1_chk ) |
---|
Running the `sedmgr` command without any options shows the settings currently in effect. `# sedmgr` If the value returned for the sedmgr mode is off, this is a finding. |
Fix Text (F-32358r1_fix) |
---|
Configure the system to use any available memory address randomization techniques. Recommended settings are either to enable stack execution disablement for all suid files or select system executables. Set sedmgr to enforce on selected files and terminate processes violating stack execution boundaries: `# sedmgr -m select -o off` OR set sedmgr to enforce on setid files and terminate processes violating stack execution boundaries: `# sedmgr -m setidfiles -o off` After a global system change to the SED, the system should be rebooted: `# shutdown -Fr` |
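
The check and the reboot step above can be scripted. This is an added example, not part of the STIG; the function name `sed_check`, its return codes and the sample text are constructed here, and the two-line `sedmgr` output format it parses is an assumption to confirm on the target system.

```shell
#!/bin/sh
# Evaluate `sedmgr` output (read on stdin) against the check text above.
# Assumption: sedmgr with no options prints two lines of the form
#   Stack Execution Disable (SED) mode: <mode>
#   SED configured in kernel: <mode>
# Return codes (chosen for this example):
#   0 = not a finding, 1 = finding (mode is off),
#   2 = configured mode differs from kernel (reboot pending), 3 = unparseable
sed_check() {
    input=$(cat)
    mode=$(printf '%s\n' "$input" |
        awk -F': *' '/\(SED\) mode/ {print $2}' | tr -d ' \t\r')
    kernel=$(printf '%s\n' "$input" |
        awk -F': *' '/configured in kernel/ {print $2}' | tr -d ' \t\r')
    if [ -z "$mode" ]; then
        echo "ERROR: could not parse SED mode"
        return 3
    fi
    if [ "$mode" = "off" ]; then
        echo "FINDING: SED mode is off"
        return 1
    fi
    # The fix text asks for a reboot after a global change; until then the
    # kernel value can lag behind the configured mode.
    if [ -n "$kernel" ] && [ "$kernel" != "$mode" ]; then
        echo "PENDING: mode=$mode kernel=$kernel (reboot required)"
        return 2
    fi
    echo "OK: SED mode is $mode"
    return 0
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_OFF='Stack Execution Disable (SED) mode: off
SED configured in kernel: off'
SAMPLE_PENDING='Stack Execution Disable (SED) mode: setidfiles
SED configured in kernel: off'
SAMPLE_OK='Stack Execution Disable (SED) mode: select
SED configured in kernel: select'

for sample in "$SAMPLE_OFF" "$SAMPLE_PENDING" "$SAMPLE_OK"; do
    printf '%s\n' "$sample" | sed_check || true
done
# On the AIX host itself: sedmgr | sed_check
```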