3.3 Enable Stack Protection - Makes sure 'noexec_user_stack' is set to 1 in /etc/system. Note: Only applicable if NX bit is set.

Information

Buffer overflow exploits have been the basis for many highly publicized compromises and defacements of large numbers of Internet connected systems. Many of the automated tools in use by system attackers exploit well-known buffer overflow problems in vendor-supplied and third-party software.

Solution

Please refer to the remediation steps on page 62 of the CIS document.

See Also

https://workbench.cisecurity.org/files/614

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-16

Plugin: Unix

Control ID: 11a12bec55467271c4cdae772fb8c37f3ccc886ce5c1f0f0d7922e5753f2bef6