STIGQter STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The SMTP service must be an up-to-date version.

DISA Rule

SV-220102r603266_rule

Vulnerability Number

V-220102

Group Title

SRG-OS-000480

Rule Version

GEN004600

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Obtain and install the latest version of Sendmail from Oracle through normal software update processes, as implemented locally.

Check Contents

Determine the version of the SMTP service software, using a non-privileged account.
$ /usr/lib/sendmail -d0 -bt < /dev/null
(Note: While this command will report the sendmail version almost immediately, it will take several moments to return to the shell prompt. Press ctrl-C to terminate the sendmail process.)

Version 8.14.4 is the latest required version.
Version 8.14.4+Sun is available from Oracle for Solaris.

If the sendmail version is not at least 8.14.4 or Oracle's latest version, this is a finding.

Vulnerability Number

V-220102

Documentable

False

Rule Version

GEN004600

Severity Override Guidance

Determine the version of the SMTP service software, using a non-privileged account.
$ /usr/lib/sendmail -d0 -bt < /dev/null
(Note: While this command will report the sendmail version almost immediately, it will take several moments to return to the shell prompt. Press ctrl-C to terminate the sendmail process.)

Version 8.14.4 is the latest required version.
Version 8.14.4+Sun is available from Oracle for Solaris.

If the sendmail version is not at least 8.14.4 or Oracle's latest version, this is a finding.

Check Content Reference

M

Target Key

4061

Comments