Check: GEN004540
Solaris 10 SPARC STIG:
GEN004540
(in versions v2 r4 through v1 r19)
Title
The SMTP service HELP command must not be enabled. (Cat II impact)
Discussion
The HELP command should be disabled to mask version information. The version of the SMTP service software could be used by attackers to target vulnerabilities present in specific software versions.
Check Content
Check if Help is disabled in Sendmail. Procedure: # telnet <host> 25 > help If the help command returns any Sendmail version information, this is a finding. If telnet is unavailable for testing, check the value of the HelpFile parameter in the sendmail.cf file. # grep HelpFile /etc/mail/sendmail.cf If the contents of the file indicated by the HelpFile parameter contains any Sendmail version information, this is a finding.
Fix Text
To disable the SMTP HELP command, clear the Sendmail help file. # echo > /etc/mail/helpfile
Additional Identifiers
Rule ID: SV-220046r603265_rule
Vulnerability ID: V-220046
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |