Difference between revisions of "Kernel Weakness"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with ''''Description''' This is a type of vulnerability in the kernel of the system itself. The kernel is not robust to the type of vulnerability. '''Kernel Weakness Vulnerabilitie…')
 
m
 
(4 intermediate revisions by one user not shown)
Line 1: Line 1:
 
'''Description'''
 
'''Description'''
  
This is a type of vulnerability in the kernel of the system itself.  The kernel is not robust to the type of vulnerability.
+
This is a type of vulnerability in the kernel of the system itself.  The kernel is not robust to the type of vulnerability.  [[ASL]] includes a special kernel that is immune to these weaknesses.  If you are getting a kernel weakness vulnerability alert on your system then you are not running a secure kernel like [[ASL]].
 +
 
 +
This means your system is vulnerable to a whole class of attacks that can cause the entire system to become compromised.
  
  
 
'''Kernel Weakness Vulnerabilities'''
 
'''Kernel Weakness Vulnerabilities'''
  
[[grsec_randamap]]
+
[[grsec_randamap|No Kernel Anonymous mapping randomization]]
  
[[grsec_randheap1]]
+
[[grsec_randheap1|No Kernel Heap randomization (ET_EXEC)]]
  
[[grsec_randheap2]]
+
[[grsec_randheap2|No Kernel Heap randomization (ET_DYN)]]
  
[[grsec_randmain2]]
+
[[grsec_randmain2|No Kernel Main executable randomization]]
  
[[grsec_randshlib]]
+
[[grsec_randshlib|No Kernel Shared library randomization]]
  
[[grsec_randstack1]]
+
[[grsec_randstack1|No Kernel Stack randomization]]
  
[[grsec_randstack2]]
+
[[grsec_randstack2|No Kernel Stack randomization]]

Latest revision as of 16:28, 31 December 2009

Description

This is a type of vulnerability in the kernel of the system itself. The kernel is not robust to the type of vulnerability. ASL includes a special kernel that is immune to these weaknesses. If you are getting a kernel weakness vulnerability alert on your system then you are not running a secure kernel like ASL.

This means your system is vulnerable to a whole class of attacks that can cause the entire system to become compromised.


Kernel Weakness Vulnerabilities

No Kernel Anonymous mapping randomization

No Kernel Heap randomization (ET_EXEC)

No Kernel Heap randomization (ET_DYN)

No Kernel Main executable randomization

No Kernel Shared library randomization

No Kernel Stack randomization

No Kernel Stack randomization

Personal tools