Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must use available memory address randomization techniques.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22576 | GEN008420 | SV-37979r1_rule | ECSC-1 | Low |
| Description |
|---|
| Successful exploitation of buffer overflow vulnerabilities relies in some measure to having a predictable address structure of the executing program. Address randomization techniques reduce the probability of a successful exploit. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2015-12-03 |
Details
| Check Text ( C-37277r1_chk ) |
|---|
| Verify exec-shield is enabled if present. # cat /proc/sys/kernel/exec-shield If the file is present and contains a value of "0", this is a finding. |
| Fix Text (F-32513r1_fix) |
|---|
| Edit the kernel boot parameters, or "/etc/sysctl.conf", and set exec-shield to "1". Reboot the system. |