Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The sendmail server must have the debug feature disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4690 | GEN004620 | SV-37508r1_rule | ECSC-1 | High |
| Description |
|---|
| Debug mode is a feature present in older versions of sendmail which, if not disabled, may allow an attacker to gain access to a system through the sendmail service. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2015-03-12 |
Details
| Check Text ( C-36167r2_chk ) |
|---|
| Check for an enabled "debug" command provided by the SMTP service. Procedure: # telnet localhost 25 debug If the command does not return a 500 error code of "command unrecognized" or a 550 error code of "access denied", this is a finding. The RHEL distribution ships with sendmail Version 8.13.8 which is not vulnerable. This should never be a finding. |
| Fix Text (F-31418r1_fix) |
|---|
| Obtain and install a newer version of the SMTP service software (sendmail or Postfix) from RedHat. |