Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must use available memory address randomization techniques.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22576 | GEN008420 | SV-63197r1_rule | Low |
| Description |
|---|
| Successful exploitation of buffer overflow vulnerabilities relies in some measure to having a predictable address structure of the executing program. Address randomization techniques reduce the probability of a successful exploit. |
| STIG | Date |
|---|---|
| Oracle Linux 5 Security Technical Implementation Guide | 2017-05-18 |
Details
| Check Text ( C-51921r2_chk ) |
|---|
| Check that the "kernel.randomize_va_space" kernel parameter is set to "2" in /etc/sysctl.conf. Procedure: # grep ^kernel\.randomize_va_space /etc/sysctl.conf | awk -F= '{ print $2 }' If there is no value returned or if a value is returned that is not "2", this is a finding. |
| Fix Text (F-53775r3_fix) |
|---|
| Edit (or add if necessary) the entry in /etc/sysctl.conf for the "kernel.randomize_va_space" kernel parameter. Ensure this parameter is set to "2" as in: kernel.randomize_va_space = 2 If this was not already the default, reboot the system for the change to take effect. |