UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must use available memory address randomization techniques.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22576 GEN008420 SV-63197r1_rule ECSC-1 Low
Description
Successful exploitation of buffer overflow vulnerabilities relies in some measure to having a predictable address structure of the executing program. Address randomization techniques reduce the probability of a successful exploit.
STIG Date
Oracle Linux 5 Security Technical Implementation Guide 2015-12-07

Details

Check Text ( C-51921r2_chk )
Check that the "kernel.randomize_va_space" kernel parameter is set to "2" in /etc/sysctl.conf.

Procedure:

# grep ^kernel\.randomize_va_space /etc/sysctl.conf | awk -F= '{ print $2 }'

If there is no value returned or if a value is returned that is not "2", this is a finding.
Fix Text (F-53775r3_fix)
Edit (or add if necessary) the entry in /etc/sysctl.conf for the "kernel.randomize_va_space" kernel parameter. Ensure this parameter is set to "2" as in:

kernel.randomize_va_space = 2

If this was not already the default, reboot the system for the change to take effect.