[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-91913-4

Platform: cpe:/o:ubuntu:ubuntu_linux:16.04Date: (C)2018-07-09   (M)2023-07-04



Set the system flag to force randomized virtual memory region placement. Disabled = No ASLR (Memory address would not be randomizaed) Conservative Randomization == Randomize addresses for Stack, Heap, Shared Libs, PIE, mmap(), VDRO Full Randomization = Conservative Randomization + memory managed via brk() Rationale: Randomly placing virtual memory regions will make it difficult to write memory page exploits as the memory placement will be consistently shifting.


Parameter:

[Disabled/Conservative Randomization/Full Randomization]


Technical Mechanism:

Add the following line to the /etc/sysctl.conf file. kernel.randomize_va_space = 2

CCSS Severity:CCSS Metrics:
CCSS Score : 6.2Attack Vector: LOCAL
Exploit Score: 2.5Attack Complexity: LOW
Impact Score: 3.6Privileges Required: NONE
Severity: MEDIUMUser Interaction: NONE
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: NONE
 Availability: NONE
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:46174


OVAL    1
oval:org.secpod.oval:def:46174
XCCDF    1
xccdf_org.secpod_benchmark_general_Ubuntu_16_04

© SecPod Technologies