Check: GEN004620
Solaris 10 SPARC STIG:
GEN004620
(in versions v2 r4 through v1 r19)
Title
The Sendmail server must have the debug feature disabled. (Cat I impact)
Discussion
Debug mode is a feature present in older versions of Sendmail which, if not disabled, may allow an attacker to gain access to a system through the Sendmail service.
Check Content
Check for an enabled debug command provided by the SMTP service. Procedure: # telnet localhost 25 debug If the command does not return a 500 error code of command unrecognized, this is a finding. If telnet is unavailable for testing, check the version of sendmail. Run the following as a non-privileged user. $ echo \$Z | /usr/sbin/sendmail -bt -d0 If the version reported is less than 8.6, this is a finding.
Fix Text
Obtain and install a more recent version of Sendmail, which does not implement the DEBUG feature.
Additional Identifiers
Rule ID: SV-220050r603265_rule
Vulnerability ID: V-220050
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |