The system must use available memory address randomization techniques.


Overview

Finding ID: V-22576
Version: GEN008420
Rule ID: SV-38831r1_rule
IA Controls: ECSC-1
Severity: Low
Description
Successful exploitation of buffer overflow vulnerabilities relies in some measure on the executing program having a predictable address structure. Address randomization techniques reduce the probability of a successful exploit.
STIG Date
Draft AIX Security Technical Implementation Guide 2011-08-17

Details

Check Text (C-37086r1_chk)
Running the sedmgr command without any options will show the settings currently in effect.

# sedmgr

If the value returned for the sedmgr mode is off, this is a finding.
Fix Text (F-32358r1_fix)
Configure the system to use any available memory address randomization techniques. The recommended settings are to enable stack execution disablement either for all suid files or for selected system executables.

Set sedmgr to enforce on selected files and terminate processes violating stack execution boundaries.
# sedmgr -m select -o off

OR

Set sedmgr to enforce on setid files and terminate processes violating stack execution boundaries.
# sedmgr -m setidfiles -o off

After a global system change to the SED setting, the system should be rebooted.
# shutdown -Fr
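
An added example, not part of the STIG text, that automates the check above and also reports when a changed mode has not yet taken effect because the reboot is still pending. It assumes sedmgr prints the two lines described in the comments; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate sedmgr output against the check text above.
# ASSUMPTION: sedmgr with no options prints two lines shaped like
#   Stack Execution Disable (SED) mode: <mode>
#   SED configured in kernel: <mode>
# where the first is the configured mode and the second is what the
# running kernel enforces. Confirm on your AIX level before relying on it.

# sed_value TEXT LABEL: print the lower-cased value following "LABEL:".
sed_value() {
    printf '%s\n' "$1" | awk -F': *' -v k="$2" '
        index($0, k) == 1 { v = $2; gsub(/[ \t\r]+$/, "", v); print tolower(v); exit }'
}

# check_sed TEXT: 0 = not a finding, 1 = finding (mode off), 2 = cannot tell.
check_sed() {
    mode=$(sed_value "$1" "Stack Execution Disable (SED) mode")
    kern=$(sed_value "$1" "SED configured in kernel")
    case "$mode" in
        off) echo "FINDING: SED mode is off"; return 1 ;;
        all|select|setidfiles) ;;
        "") echo "UNKNOWN: no SED mode line in output"; return 2 ;;
        *)  echo "UNKNOWN: unexpected SED mode '$mode'"; return 2 ;;
    esac
    if [ -n "$kern" ] && [ "$kern" != "$mode" ]; then
        echo "OK: mode=$mode, but kernel still has '$kern' (reboot pending)"
    else
        echo "OK: mode=$mode"
    fi
    return 0
}

# Constructed sample: mode changed to select, system not yet rebooted.
SAMPLE='Stack Execution Disable (SED) mode: select
SED configured in kernel: off'

if command -v sedmgr >/dev/null 2>&1; then
    check_sed "$(sedmgr 2>&1)"
else
    check_sed "$SAMPLE"
fi
```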