반품
-
질문
Change Auditor agent is not using ASLR (Address Space Layout Randomization). -
설명
Change Auditor agent on the Active Directory domain controllers was not configured to make use of address space layout randomization (ASLR) exploit mitigation technology. Should a memory corruption vulnerability be discovered in the affected application, it would be easier for an attacker to devise a workable exploit in the absence of ASLR. -
답변
we do have ASLR enabled for certain modules inside the CA agent itself, however, there are some components that do not have ASLR technology fully implemented yet.
We have created the following ER for fully implementing ASLR technology into the CA agent:
Enhancement Request 437039: As a CA Admin, I would like the CA agent to fully utilize address space layout randomization (ASLR) technology
This will be implemented in a future release of CA, no ETA at this time. you can follow up on the release notes by the enhancement request number 437039