Check: GEN004640
Solaris 9 X86 STIG:
GEN004640
(in version v1 r9)
Title
The SMTP service must not have a uudecode alias active. (Cat I impact)
Discussion
A common configuration for older Mail Transfer Agents (MTAs) includes an alias for the decode user. All mail sent to this user is sent to the uudecode program, which automatically converts and stores files. By sending mail to decode or uudecode aliases present on some systems, a remote attacker may be able to create or overwrite files on the remote host. This could possibly be used to gain remote access.
Check Content
Check the SMTP service for an active decode command. Procedure: # telnet localhost 25 decode If the command does not return a 500 error code of command unrecognized, this is a finding. If telnet is unavailable for testing, check for the existence of the decode and uudecode aliases in the sendmail aliases file. Find the active sendmail aliases file. # grep AliasFile /etc/mail/sendmail.cf (The aliases file is usually at /etc/mail/aliases) Look for decode aliases in the aliases file. # grep decode /etc/mail/aliases If there is an uncommented decode or uudecode alias in the aliases file, this is a finding.
Fix Text
Comment out active decode and uudecode aliases in the aliases file. # vi /usr/mail/aliases Activate updated aliases file. # newaliases
Additional Identifiers
Rule ID: SV-42312r1_rule
Vulnerability ID: V-4691
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001230 |
The organization incorporates flaw remediation into the organizational configuration management process. |
Controls
Number | Title |
---|---|
SI-2 |
Flaw Remediation |