CCE
CCE-90850-9

Platform: rhel7, centos7
Date: (C)2017-06-29   (M)2022-10-10



Enable ExecShield

By default on Red Hat Enterprise Linux 7 64-bit systems, ExecShield is enabled and can only be disabled if the hardware does not support ExecShield or if it is disabled in '/etc/default/grub'. For Red Hat Enterprise Linux 7 32-bit systems, 'sysctl' can be used to enable ExecShield.


Parameter:


Technical Mechanism:

ExecShield uses the segmentation feature on all x86 systems to prevent execution in memory higher than a certain address. It writes an address as a limit in the code segment descriptor, to control where code can be executed, on a per-process basis. When the kernel places a process's memory regions such as the stack and heap higher than this address, the hardware prevents execution in that address range. This is enabled by default on the latest Red Hat and Fedora systems if supported by the hardware.

Fix:

    #
    # Set runtime for kernel.exec-shield
    #
    sysctl -q -n -w kernel.exec-shield=1

    #
    # If kernel.exec-shield present in /etc/sysctl.conf, change value to "1"
    # else, add "kernel.exec-shield = 1" to /etc/sysctl.conf
    #
    if grep --silent ^kernel.exec-shield /etc/sysctl.conf ; then
        sed -i 's/^kernel.exec-shield.*/kernel.exec-shield = 1/g' /etc/sysctl.conf
    else
        echo "" >> /etc/sysctl.conf
        echo "# Set kernel.exec-shield to 1 per security requirements" >> /etc/sysctl.conf
        echo "kernel.exec-shield = 1" >> /etc/sysctl.conf
    fi
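An audit check to pair with the fix above, as an added example that is not part of the original CCE entry: it reads a sysctl configuration file and reports whether the last assignment of kernel.exec-shield is 1. The function names and the sample file contents are constructed for illustration, and it assumes the usual sysctl.conf parsing rules (comment lines start with # or ;, whitespace around the key and "=" is ignored, the last assignment takes effect).

```shell
#!/bin/sh
# Added example (not from the CCE entry): audit the persistent
# kernel.exec-shield setting in a sysctl configuration file.

# effective_exec_shield FILE
# Prints the last value assigned to kernel.exec-shield in FILE,
# or nothing if the key is never assigned on an active line.
effective_exec_shield() {
    awk -F= '
        /^[ \t]*[#;]/ { next }            # skip comment lines
        {
            key = $1
            gsub(/[ \t]/, "", key)         # ignore whitespace around the key
            if (key == "kernel.exec-shield") {
                val = $2
                gsub(/[ \t]/, "", val)     # ignore whitespace around the value
                last = val                 # a later assignment overrides an earlier one
                found = 1
            }
        }
        END { if (found) print last }
    ' "$1"
}

# check_exec_shield FILE
# Returns 0 only when the effective persistent value is 1.
check_exec_shield() {
    [ "$(effective_exec_shield "$1")" = "1" ]
}

# Constructed sample input: the key is commented out, then set to 0,
# then set to 1 on an indented line without spaces around "=".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# kernel.exec-shield = 0
kernel.exec-shield = 0
  kernel.exec-shield=1
EOF

if check_exec_shield "$sample"; then
    echo "PASS: kernel.exec-shield is persistently set to 1"
else
    echo "FAIL: kernel.exec-shield is not persistently set to 1"
fi
rm -f "$sample"
```

The fix's `grep --silent ^kernel.exec-shield` test does not match an indented assignment such as the last sample line, which is why this check normalises whitespace before comparing.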


References:
Resource Id                  Reference
SCAP Repo OVAL Definition    oval:org.secpod.oval:def:30524
SCAP Repo OVAL Definition    oval:org.secpod.oval:def:31247


© SecPod Technologies