An error occurred:

Check: GEN004620

SUSE Linux Enterprise Server v11 for System z STIG: GEN004620 (in versions v1 r12 through v1 r9)

Title

The sendmail server must have the debug feature disabled. (Cat I impact)

Discussion

Debug mode is a feature present in older versions of sendmail which, if not disabled, may allow an attacker to gain access to a system through the sendmail service.

Check Content

Check for an enabled "debug" command provided by the SMTP service. Procedure: # telnet localhost 25 debug If the command does not return a 500 error code of "command unrecognized", this is a finding. The SLES mainframe distribution ships with sendmail Version 8.14.3.-50.20.1 which is not vulnerable. This should never be a finding.

Fix Text

Obtain and install a newer version of the SMTP service software (sendmail or Postfix) fromNovell.

Additional Identifiers

Rule ID: SV-45870r1_rule

Vulnerability ID: V-4690

Group Title: GEN004620

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings