Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4384 | GEN004560 | SV-42310r1_rule | ECSC-1 | Low |
Description |
---|
The version of the SMTP service can be used by attackers to plan an attack based on vulnerabilities present in the specific version. |
STIG | Date |
---|---|
Solaris 9 X86 Security Technical Implementation Guide | 2013-01-10 |
Check Text (C-40640r2_chk) |
---|
Check for the Sendmail version being displayed in the greeting: `# telnet localhost 25` If a version number is displayed, this is a finding. If telnet is unavailable for testing, check the value of the SmtpGreetingMessage parameter in the sendmail.cf file: `# grep SmtpGreetingMessage /etc/mail/sendmail.cf` If the value of the SmtpGreetingMessage parameter contains the $v or $Z macros, this is a finding. |
Fix Text (F-35943r1_fix) |
---|
Ensure Sendmail or its equivalent has been configured to mask the version information. If necessary, change the O SmtpGreetingMessage line in the /etc/mail/sendmail.cf file as noted below. Original line: `O SmtpGreetingMessage=$j Sendmail $v/$Z; $b` Change it to: `O SmtpGreetingMessage= Mail Server Ready ; $b` |
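
The configuration-file half of the Check Text above, plus a heuristic for the banner half, as an added POSIX shell example that is not part of the STIG. The function names, the return codes and the matching of braced macro spellings are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the STIG): offline audit for GEN004560.
# Return codes are this example's own convention:
#   0 = no finding   1 = finding   2 = option not set   3 = file unreadable

# Inspect every active (uncommented) "O SmtpGreetingMessage=" line in the
# given file (default: /etc/mail/sendmail.cf).
check_greeting_cf() {
    cf=${1:-/etc/mail/sendmail.cf}
    [ -r "$cf" ] || return 3
    opt='^O[[:space:]]*SmtpGreetingMessage[[:space:]]*='
    # A commented-out line does not count as a definition.
    defs=$(grep "$opt" "$cf") || return 2
    # $v and $Z are the macros named in the check text; the braced
    # spellings ${v} and ${Z} are flagged too as a conservative assumption.
    if printf '%s\n' "$defs" | sed 's/^[^=]*=//' |
        grep -e '\$[vZ]' -e '\${[vZ]}' >/dev/null; then
        return 1
    fi
    return 0
}

# Heuristic for the live-banner half of the check: flag a 220 greeting that
# carries a dotted number such as 8.12.10. Pass it the greeting line captured
# from "telnet localhost 25". A match still needs a manual look, since a
# dotted number in the host name would also trigger it.
banner_shows_version() {
    printf '%s\n' "$1" |
        grep '^220[ -].*[0-9][0-9]*\.[0-9][0-9]*' >/dev/null
}
```

A return of 2 from `check_greeting_cf` means the file sets no greeting at all, so the configuration check cannot clear the host and the live banner has to be examined instead.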