From Oracle Linux 5 Security Technical Implementation Guide
Part of GEN008420
Associated with: CCI-000366
Successful exploitation of buffer overflow vulnerabilities relies in some measure to having a predictable address structure of the executing program. Address randomization techniques reduce the probability of a successful exploit.
Check that the "kernel.randomize_va_space" kernel parameter is set to "2" in /etc/sysctl.conf. Procedure: # grep ^kernel\.randomize_va_space /etc/sysctl.conf | awk -F= '{ print $2 }' If there is no value returned or if a value is returned that is not "2", this is a finding.
Edit (or add if necessary) the entry in /etc/sysctl.conf for the "kernel.randomize_va_space" kernel parameter. Ensure this parameter is set to "2" as in: kernel.randomize_va_space = 2 If this was not already the default, reboot the system for the change to take effect.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer