UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must use available memory address randomization techniques.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22576 GEN008420 SV-38831r1_rule ECSC-1 Low
Description
Successful exploitation of buffer overflow vulnerabilities relies in some measure to having a predictable address structure of the executing program. Address randomization techniques reduce the probability of a successful exploit.
STIG Date
AIX 5.3 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2014-10-03

Details

Check Text ( C-37086r1_chk )
Running the sedmgr command without any options will show the settings currently in effect.

#sedmgr

If the value returned for the sedmgr mode is off, this is a finding.
Fix Text (F-32358r1_fix)
Configure the system to use any available memory address randomization techniques. Recommended settings are either to enable stack execution disablement for all suid files or select system executables.

Set sedmgr to enforce on selected files and terminate processes violating stack execution boundaries.
# sedmgr -m select -o off

OR

Set sedmgr to enforce on setid files and terminate processes violating stack execution boundaries.
# sedmgr -m setidfiles -o off

After a global system change to the sed, the system should be rebooted.
# shutdown -Fr