Difference between revisions of "Vuln kernel pax"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with "'''Description''' This means that your system is vulnerable to stack overflow attacks. The kernel is not robust to the type of vulnerability. ASL includes a special ker...")
 
m
 
(One intermediate revision by one user not shown)
Line 4: Line 4:
  
 
This means your system is vulnerable to a whole class of attacks that can cause the entire system to become compromised.
 
This means your system is vulnerable to a whole class of attacks that can cause the entire system to become compromised.
 +
 +
'''Resolving This Vulnerability'''
 +
 +
You need to install the ASL [[kernel]].  ASL will install this by default, provided that you do not have kernel installs disabled on your system.  If you do not have kernel installation disabled, then simply reboot your system into the secure ASL.
 +
 +
If you are not sure if you have kernel installation disabled, or if you have the ASL kernel installed, please see the [[kernel]] wiki article for guidance on checking your systems configuration to ensure you can install kernels, and how to install the kernel if you had your system configured to not allow kernels to be installed.
 +
 +
'''Notes for VPS Machines'''
 +
 +
Please note that VPS systems do not have their own kernel.  So if you are using a VPS technology you will not be able to install any kernel on the system.  VPS technologies share the hosts kernel, and the VPS will inherit the vulnerabilities in that kernel.  If you do not control the host, we encourage you to report this vulnerability to your hosting provider and ask they fix their kernel.  One way to do this is for them to install the secure ASL kernel on the host.
  
 
'''False Positives'''
 
'''False Positives'''

Latest revision as of 18:24, 10 February 2012

Description

This means that your system is vulnerable to stack overflow attacks. The kernel is not robust to the type of vulnerability. ASL includes a special kernel that is immune to these weaknesses. If you are getting a kernel weakness vulnerability alert on your system then you are not running a secure kernel like ASL.

This means your system is vulnerable to a whole class of attacks that can cause the entire system to become compromised.

Resolving This Vulnerability

You need to install the ASL kernel. ASL will install this by default, provided that you do not have kernel installs disabled on your system. If you do not have kernel installation disabled, then simply reboot your system into the secure ASL.

If you are not sure if you have kernel installation disabled, or if you have the ASL kernel installed, please see the kernel wiki article for guidance on checking your systems configuration to ensure you can install kernels, and how to install the kernel if you had your system configured to not allow kernels to be installed.

Notes for VPS Machines

Please note that VPS systems do not have their own kernel. So if you are using a VPS technology you will not be able to install any kernel on the system. VPS technologies share the hosts kernel, and the VPS will inherit the vulnerabilities in that kernel. If you do not control the host, we encourage you to report this vulnerability to your hosting provider and ask they fix their kernel. One way to do this is for them to install the secure ASL kernel on the host.

False Positives

There are no known False Positives for this.

Other Kernel Weakness Vulnerabilities

No Kernel Anonymous mapping randomization

No Kernel Heap randomization (ET_EXEC)

No Kernel Heap randomization (ET_DYN)

No Kernel Main executable randomization

No Kernel Shared library randomization

No Kernel Stack randomization

No Kernel Stack randomization

Personal tools