Check: GEN004560
Title
The SMTP service's SMTP greeting must not provide version information. (Cat III impact)
Discussion
The version of the SMTP service can be used by attackers to plan an attack based on vulnerabilities present in the specific version.
Check Content
Check for the Sendmail version being displayed in the greeting.

# grep SmtpGreetingMessage /etc/sendmail.cf

If the value of the SmtpGreetingMessage parameter contains the $v or $Z macros, this is a finding.
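The check above as a script, added here as an example and not part of the STIG text; the function names, status strings and sample files are assumptions of this example. It reads only active `O SmtpGreetingMessage=` lines, so a commented-out setting that the plain grep would also match is not counted as the configured value.

```shell
#!/bin/sh
# Added example: audit a sendmail.cf for version macros in the SMTP greeting.
# Prints FINDING, NOT_A_FINDING, NOT_SET or UNREADABLE; exit status 1, 0, 2, 3.
check_smtp_greeting() {
    cf=${1:-/etc/sendmail.cf}
    [ -r "$cf" ] || { echo "UNREADABLE"; return 3; }

    # Keep only active option lines ("O SmtpGreetingMessage=..."); a plain grep
    # also matches commented-out lines such as "#O SmtpGreetingMessage=...".
    values=$(sed -n 's/^O[[:space:]]*SmtpGreetingMessage[[:space:]]*=//p' "$cf")

    if [ -z "$values" ]; then
        # No active setting: the file does not decide the greeting, so the
        # running service has to be reviewed manually.
        echo "NOT_SET"; return 2
    fi

    # Any active value containing the literal macros $v or $Z is a finding.
    case "$values" in
        *'$v'*|*'$Z'*) echo "FINDING"; return 1 ;;
    esac
    echo "NOT_A_FINDING"; return 0
}

# Constructed sample files for a self-check (not real system configuration).
make_samples() {
    dir=$1
    printf '%s\n' 'O SmtpGreetingMessage=$j Sendmail $v/$Z; $b' > "$dir/versioned.cf"
    printf '%s\n' 'O SmtpGreetingMessage=$j ESMTP; $b' > "$dir/masked.cf"
    printf '%s\n' '#O SmtpGreetingMessage=$j Sendmail $v/$Z; $b' > "$dir/commented.cf"
}
```

Call `check_smtp_greeting` with no argument to audit /etc/sendmail.cf, or pass another path to audit a copy of the file.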
Fix Text
Ensure Sendmail or its equivalent has been configured to mask the version information.
Additional Identifiers
Rule ID:
Vulnerability ID: V-4384
Group Title:
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-6 | Configuration Settings |