
Is Windows ASLR (Address Space Layout Randomisation) enabled throughout the Service Desk Manager product?


Article ID: 133380


Products

CA Service Desk Manager

Issue/Introduction

Is ASLR (Address Space Layout Randomisation) enabled throughout the Service Desk Manager product?

Note: ASLR is a mechanism that protects against memory buffer overflow attacks by randomizing the base memory addresses at which executable code, libraries and stacks are loaded. For more information, see the links in the Additional Information section, which were available on the internet at the time this article was published.



Environment

Release : 14.1, 17.1, 17.2

Component : SERVICE DESK MANAGER

Resolution

ASLR is enabled in the supported versions of CA SDM.

Details: The Service Desk Manager engineering/development team uses Visual Studio 2010 for all SDM versions. The build process does not explicitly set /DYNAMICBASE:NO, so the linker default applies, and that default enables ASLR. This applies to all EXEs and DLLs that are built.

Additional Information

1. Clarifying the behavior of mandatory ASLR:
https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/

2. /DYNAMICBASE (Use address space layout randomization):
https://docs.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=vs-2019

3. Software defense: mitigating common exploitation techniques
https://blogs.technet.microsoft.com/srd/2013/12/11/software-defense-mitigating-common-exploitation-techniques/

4. How do I determine if an EXE (or DLL) participate in ASLR, i.e. is relocatable?
https://stackoverflow.com/questions/39189477/how-do-i-determine-if-an-exe-or-dll-participate-in-aslr-i-e-is-relocatable/39216123