STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 1 Release: 26 Benchmark Date: 24 Jan 2020: The Sendmail server must have the debug feature disabled.

DISA Rule

SV-42311r1_rule

Vulnerability Number

V-4690

Group Title

GEN004620

Rule Version

GEN004620

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Obtain and install a more recent version of Sendmail, which does not implement the DEBUG feature.

Check Contents

Check for an enabled debug command provided by the SMTP service.

Procedure:
# telnet localhost 25
debug

If the command does not return a 500 error code (command unrecognized), this is a finding.

If telnet is unavailable for testing, check the version of sendmail. Run the following as a non-privileged user.

$ echo \$Z | /usr/sbin/sendmail -bt -d0

If the version reported is less than 8.6, this is a finding.
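
The two pass/fail rules above can be scored from captured output. The script below is an added example, not part of the STIG or of Sendmail. The function names and the sample strings are assumptions constructed for illustration. It compares version fields as integers, so 8.10 is treated as newer than 8.6.

```shell
#!/bin/sh
# Added example: scores output captured from the two GEN004620 checks.
# Function names and sample strings are illustrative assumptions.

# smtp_debug_finding REPLY: exit 0 (finding) unless the reply code is 500,
# 2 if the reply carries no three-digit SMTP code at all.
smtp_debug_finding() {
    code=$(printf '%s\n' "$1" | sed -n '1s/^\([0-9][0-9][0-9]\).*/\1/p')
    [ -n "$code" ] || return 2
    [ "$code" != "500" ]
}

# version_finding TEXT: exit 0 (finding) if the first major.minor in TEXT
# is below 8.6, 1 if not, 2 if no version could be parsed.
# Fields are compared as integers, so 8.10 is correctly newer than 8.6.
version_finding() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' | head -n 1)
    [ -n "$ver" ] || return 2
    set -- $ver
    [ "$1" -lt 8 ] || { [ "$1" -eq 8 ] && [ "$2" -lt 6 ]; }
}

# verdict STATUS: map an exit status from the functions above to a label.
verdict() {
    case $1 in
        0) echo "FINDING" ;;
        1) echo "not a finding" ;;
        *) echo "review manually" ;;
    esac
}

# Constructed sample inputs, not output captured from a real host.
for reply in '500 5.5.1 Command unrecognized: "debug"' '200 Debug set'; do
    rc=0; smtp_debug_finding "$reply" || rc=$?
    printf '%-42s %s\n' "$reply" "$(verdict "$rc")"
done
for v in 'Version 8.14.4+Sun' '8.10.2' '8.6.12' '8.5' '5.65' 'unknown'; do
    rc=0; version_finding "$v" || rc=$?
    printf '%-42s %s\n' "$v" "$(verdict "$rc")"
done
```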

Documentable

False

Severity Override Guidance

Check for an enabled debug command provided by the SMTP service.

Procedure:
# telnet localhost 25
debug

If the command does not return a 500 error code (command unrecognized), this is a finding.

If telnet is unavailable for testing, check the version of sendmail. Run the following as a non-privileged user.

$ echo \$Z | /usr/sbin/sendmail -bt -d0

If the version reported is less than 8.6, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

25

Comments