Check: GEN004560
Solaris 10 X86 STIG:
GEN004560
(in versions v2 r4 through v1 r17)
Title
The SMTP services SMTP greeting must not provide version information. (Cat III impact)
Discussion
The version of the SMTP service can be used by attackers to plan an attack based on vulnerabilities present in the specific version.
Check Content
Check for the Sendmail version being displayed in the greeting. # telnet localhost 25 If a version number is displayed, this is a finding. If telnet is unavailable for testing, check the value of the SmtpGreetingMessage parameter in the sendmail.cf file. # grep SmtpGreetingMessage /etc/mail/sendmail.cf If the value of the SmtpGreetingMessage parameter contains the $v or $Z macros, this is a finding.
Fix Text
Ensure Sendmail or its equivalent has been configured to mask the version information. If necessary, change the O SmtpGreetingMessage line in the /etc/mail/sendmail.cf file as noted below. O SmtpGreetingMessage=$j Sendmail $v/$Z; $b Change it to: O SmtpGreetingMessage= Mail Server Ready ; $b
Additional Identifiers
Rule ID: SV-220100r603266_rule
Vulnerability ID: V-220100
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |