Title

The SMTP service must be an up-to-date version. (Cat I impact)

Discussion

The SMTP service version on the system must be current to avoid exposing vulnerabilities present in unpatched versions.

Check Content

Determine the version of the SMTP service software, using a non-privileged account. $ /usr/lib/sendmail -d0 -bt < /dev/null (Note: While this command will report the sendmail version almost immediately, it will take several moments to return to the shell prompt. Press ctrl-C to terminate the sendmail process.) Version 8.14.4 is the latest required version. Version 8.14.4+Sun is available from Oracle for Solaris. If the sendmail version is not at least 8.14.4 or Oracle's latest version, this is a finding.

Fix Text

Obtain and install the latest version of Sendmail from Oracle through normal software update processes, as implemented locally.

Additional Identifiers

Rule ID: SV-220102r603266_rule

Vulnerability ID: V-220102

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.