STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 10 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Solaris 11 X86 Security Technical Implementation Guide

V-216207

CAT III (Low)

Address Space Layout Randomization (ASLR) must be enabled.

Rule ID

SV-216207r959010_rule

STIG

Solaris 11 X86 Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-000366

Discussion

Modification of memory area can result in executable code vulnerabilities. ASLR can reduce the likelihood of these attacks. ASLR activates the randomization of key areas of the process such as stack, brk-based heap, memory mappings, and so forth.

Check Content

This check applies to the global zone only. 

Determine the zone that you are currently securing.

# zonename

If the command output is "global", this check applies.

Determine if address space layout randomization is enabled.

Determine the OS version you are currently securing:. 
# uname –v

For Solaris 11, 11.1, 11.2, and 11.3:
# sxadm info -p | grep aslr | grep enabled

For Solaris 11.4 or newer:
# sxadm status -p -o status aslr | grep enabled 

If no output is produced, this is a finding.

Fix Text

The root role is required.

This action applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this action applies.

Enable address space layout randomization.

# sxadm delcust aslr

Enabling ASLR may affect the function or stability of some applications, including those that use Solaris Intimate Shared Memory features.