Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The sendmail server must have the debug feature disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4690 | GEN004620 | SV-45870r1_rule | High |
| Description |
|---|
| Debug mode is a feature present in older versions of sendmail which, if not disabled, may allow an attacker to gain access to a system through the sendmail service. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Server v11 for System z | 2016-12-20 |
Details
| Check Text ( C-43187r1_chk ) |
|---|
| Check for an enabled "debug" command provided by the SMTP service. Procedure: # telnet localhost 25 debug If the command does not return a 500 error code of "command unrecognized", this is a finding. The SLES mainframe distribution ships with sendmail Version 8.14.3.-50.20.1 which is not vulnerable. This should never be a finding. |
| Fix Text (F-39248r1_fix) |
|---|
| Obtain and install a newer version of the SMTP service software (sendmail or Postfix) fromNovell. |