
The sendmail server must have the debug feature disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4690 GEN004620 SV-37508r1_rule ECSC-1 High
Description
Debug mode is a feature present in older versions of sendmail which, if not disabled, may allow an attacker to gain access to a system through the sendmail service.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2016-06-01

Details

Check Text (C-36167r2_chk)
Check for an enabled "debug" command provided by the SMTP service.

Procedure:
# telnet localhost 25
debug

If the command does not return a 500 error code of "command unrecognized" or a 550 error code of "access denied", this is a finding.

The RHEL distribution ships with sendmail Version 8.13.8, which is not vulnerable. This should never be a finding.
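The manual check above can be scripted for repeatable audits. The following is an added example, not part of the STIG text: it sends "debug" to the local SMTP service, parses the (possibly multi-line) reply, and applies the 500/550 rule from the check text. The function names, the 10-second timeout and the output wording are this example's own assumptions.

```python
import socket

# Reply codes the check text accepts as "debug is disabled".
ACCEPTED_CODES = {"500", "550"}

def read_reply(stream):
    """Read one SMTP reply (possibly multi-line) and return (code, lines)."""
    lines = []
    while True:
        raw = stream.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        # "250-text" continues the reply; "250 text" (or a bare "250") ends it.
        if len(line) < 4 or line[3] != "-":
            return line[:3], lines

def is_finding(code):
    """Per the check text: any reply other than 500 or 550 is a finding."""
    return code not in ACCEPTED_CODES

def check_debug(host="localhost", port=25, timeout=10.0):
    """Send 'debug' to the SMTP service; return (finding, code, reply_lines)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rwb")
        read_reply(stream)            # consume the 220 greeting
        stream.write(b"debug\r\n")
        stream.flush()
        code, lines = read_reply(stream)
        stream.write(b"QUIT\r\n")     # end the session cleanly
        stream.flush()
        return is_finding(code), code, lines

if __name__ == "__main__":
    finding, code, lines = check_debug()
    print("\n".join(lines))
    print("FINDING" if finding else "Not a finding", f"(reply code {code})")
```

Run it on the host being assessed and keep the printed reply lines as evidence for the check.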
Fix Text (F-31418r1_fix)
Obtain and install a newer version of the SMTP service software (sendmail or Postfix) from Red Hat.