Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4689 | GEN004600 | SV-39819r1_rule | VIVM-1 | High |
Description |
---|
The SMTP service version on the system must be current to avoid exposing vulnerabilities present in unpatched versions. |
STIG | Date |
---|---|
Solaris 9 X86 Security Technical Implementation Guide | 2012-05-25 |
Check Text ( C-38690r3_chk ) |
---|
Determine the version of the SMTP service software, using a non-privileged account. $ /usr/lib/sendmail -d0 -bt < /dev/null (Note: While this command will report the sendmail version almost immediately, it will take several moments to return to the shell prompt. Press ctrl-C to terminate the sendmail process.) Version 8.14.4 is the latest required version. Version 8.14.4+Sun is available from Oracle for Solaris. If the sendmail version is not at least 8.14.4 or Oracle's latest version, this is a finding. |
Fix Text (F-35979r2_fix) |
---|
Obtain and install the latest version of Sendmail from Oracle through normal software update processes, as implemented locally. |