UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must use available memory address randomization techniques.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22576 GEN008420 SV-37979r1_rule ECSC-1 Low
Description
Successful exploitation of buffer overflow vulnerabilities relies in some measure to having a predictable address structure of the executing program. Address randomization techniques reduce the probability of a successful exploit.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2015-06-12

Details

Check Text ( C-37277r1_chk )
Verify exec-shield is enabled if present.
# cat /proc/sys/kernel/exec-shield
If the file is present and contains a value of "0", this is a finding.

Fix Text (F-32513r1_fix)
Edit the kernel boot parameters, or "/etc/sysctl.conf", and set exec-shield to "1". Reboot the system.