Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-220102 | GEN004600 | SV-220102r603266_rule | High |
Description |
---|
The SMTP service version on the system must be current to avoid exposing vulnerabilities present in unpatched versions. |
STIG | Date |
---|---|
Solaris 10 X86 Security Technical Implementation Guide | 2022-09-07 |
Check Text ( C-21811r489928_chk ) |
---|
Determine the version of the SMTP service software, using a non-privileged account. $ /usr/lib/sendmail -d0 -bt < /dev/null (Note: While this command will report the sendmail version almost immediately, it will take several moments to return to the shell prompt. Press ctrl-C to terminate the sendmail process.) Version 8.14.4 is the latest required version. Version 8.14.4+Sun is available from Oracle for Solaris. If the sendmail version is not at least 8.14.4 or Oracle's latest version, this is a finding. |
Fix Text (F-21810r489929_fix) |
---|
Obtain and install the latest version of Sendmail from Oracle through normal software update processes, as implemented locally. |