The Sendmail server must have the debug feature disabled.


Overview

Finding ID: V-220050
Version: GEN004620
Rule ID: SV-220050r505925_rule
IA Controls: (none listed)
Severity: High
Description
Debug mode is a feature present in older versions of Sendmail which, if not disabled, may allow an attacker to gain access to a system through the Sendmail service.
STIG: Solaris 10 SPARC Security Technical Implementation Guide
Date: 2020-09-04

Details

Check Text (C-21759r485144_chk)
Check for an enabled debug command provided by the SMTP service.

Procedure:
# telnet localhost 25
debug

If the command does not return a 500 error code (command unrecognized), this is a finding.

If telnet is unavailable for testing, check the version of sendmail. Run the following as a non-privileged user.

$ echo \$Z | /usr/sbin/sendmail -bt -d0

If the version reported is less than 8.6, this is a finding.
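
The pass/fail logic of the two procedures above, as an added example that is not part of the STIG: it classifies output captured from the telnet session and from the version command. The function names, the sample inputs, and the assumption that the version output contains a line beginning "Version <major>.<minor>" are illustrative and do not come from the STIG.

```shell
#!/bin/sh
# Added example (not STIG content): classify captured output for GEN004620.
# All sample inputs at the bottom are constructed.

# $1: the server's reply line to the "debug" command.
# Per the check text, any reply other than a 500 error is a finding.
debug_reply_status() {
    reply=$(printf '%s' "$1" | tr -d '\r')   # SMTP lines end in CRLF
    case "$reply" in
        "500"|"500 "*|"500-"*) echo "not_a_finding" ;;
        *)                     echo "finding" ;;
    esac
}

# $1: output of the sendmail version command.
# Assumption: it contains a line beginning "Version <major>.<minor>".
version_status() {
    ver=$(printf '%s\n' "$1" |
          sed -n 's/^Version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -z "$ver" ]; then
        echo "unknown"          # no version found: needs manual review
        return 0
    fi
    major=${ver%%.*}
    minor=${ver#*.}
    # Compare components as integers: 8.13 is newer than 8.6, although
    # a decimal or string comparison would rank it lower.
    if [ "$major" -lt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -lt 6 ]; }; then
        echo "finding"
    else
        echo "not_a_finding"
    fi
}

# Constructed samples, not captured from a real host.
echo "debug reply:  $(debug_reply_status '500 5.5.1 Command unrecognized: "debug"')"
echo "version 8.13: $(version_status 'Version 8.13.8+Sun')"
echo "version 8.5:  $(version_status 'Version 8.5.12')"
```
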
Fix Text (F-21758r485145_fix)
Obtain and install a more recent version of Sendmail, which does not implement the DEBUG feature.