Difference between revisions of "Kernel Weakness"
From Atomicorp Wiki
(Created page with ''''Description''' This is a type of vulnerability in the kernel of the system itself. The kernel is not robust to the type of vulnerability. '''Kernel Weakness Vulnerabilitie…') |
m |
||
(4 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
'''Description''' | '''Description''' | ||
− | This is a type of vulnerability in the kernel of the system itself. The kernel is not robust to the type of vulnerability. | + | This is a type of vulnerability in the kernel of the system itself. The kernel is not robust to the type of vulnerability. [[ASL]] includes a special kernel that is immune to these weaknesses. If you are getting a kernel weakness vulnerability alert on your system then you are not running a secure kernel like [[ASL]]. |
+ | |||
+ | This means your system is vulnerable to a whole class of attacks that can cause the entire system to become compromised. | ||
'''Kernel Weakness Vulnerabilities''' | '''Kernel Weakness Vulnerabilities''' | ||
− | [[grsec_randamap]] | + | [[grsec_randamap|No Kernel Anonymous mapping randomization]] |
− | [[grsec_randheap1]] | + | [[grsec_randheap1|No Kernel Heap randomization (ET_EXEC)]] |
− | [[grsec_randheap2]] | + | [[grsec_randheap2|No Kernel Heap randomization (ET_DYN)]] |
− | [[grsec_randmain2]] | + | [[grsec_randmain2|No Kernel Main executable randomization]] |
− | [[grsec_randshlib]] | + | [[grsec_randshlib|No Kernel Shared library randomization]] |
− | [[grsec_randstack1]] | + | [[grsec_randstack1|No Kernel Stack randomization]] |
− | [[grsec_randstack2]] | + | [[grsec_randstack2|No Kernel Stack randomization]] |
Latest revision as of 16:28, 31 December 2009
Description
This is a type of vulnerability in the kernel of the system itself. The kernel is not robust to the type of vulnerability. ASL includes a special kernel that is immune to these weaknesses. If you are getting a kernel weakness vulnerability alert on your system then you are not running a secure kernel like ASL.
This means your system is vulnerable to a whole class of attacks that can cause the entire system to become compromised.
Kernel Weakness Vulnerabilities
No Kernel Anonymous mapping randomization
No Kernel Heap randomization (ET_EXEC)
No Kernel Heap randomization (ET_DYN)
No Kernel Main executable randomization