Difference between revisions of "HIDS 61026"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with "{{Infobox |header1= Rule 61026 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = An application has attempted to set the stack executable, this is either an ...")

Revision as of 13:20, 5 May 2014

Rule 61026
Status Active
Alert Message An application has attempted to set the stack executable, this is either an attack or a very vulnerable application.

Contents

Description

This means that you have an application installed with a serious vulnerability. The Secure ASL kernel is preventing this application from opening a hole in your system.

Some application developers may configured their applications insecure to use what is referred to as an "executable stack". An executable stack allows an attacker to inject raw code into your system, bypassing your operating systems entire security model. This is a well known and widely used method of compromising systems completely.

Configuring an application in this manner dangerously opens your system to full compromise. Very few, if any applications actually require this insecure state to operate, and often times configuring applications in this manner is done by the application developer in error. You can reconfigure these applications to not do this by following the process below.

The ASL kernel protects you from this dangerous mistake by not allowing these applications to configure your system into this extremely insecure condition.

You should investigate this event as it may be part of a broader attack.

Log examples

May 5 09:24:02 server3 host: grsec: From 1.2.3.4: denied marking stack executable as requested by PT_GNU_STACK marking in /usr/local/cpanel/3rdparty/php/54/zendopt/ZendGuardLoader.so by /usr/local/cpanel/whostmgr/docroot/cgi/addon_installatron.cgi[addon_installat:3705] uid/euid:0/0 gid/egid:0/0, parent /usr/local/cpanel/cpsrvd-ssl[cpsrvd-ssl:3642] uid/euid:0/0 gid/egid:0/0

error while loading shared libraries: libcrypto.so.0.9.8: cannot enable executable stack as shared object requires: Permission denied

Troubleshooting

Solutions

Please see this article for solutions if your application has this vulnerability:

https://www.atomicorp.com/wiki/index.php/ASL_error_messages#cannot_enable_executable_stack_as_shared_object_requires

False Positives

Please report this to support if you know this is not an attack.

Additional Information

Similar Rules

HIDS_60027

Knowledge Base Articles

None.

Retrieved from "https://wiki.atomicorp.com/wiki/index.php?title=HIDS_61026&oldid=4842"
Personal tools