STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 22 Jan 2021

The Sendmail server must have the debug feature disabled.

DISA Rule

SV-220050r603265_rule

Vulnerability Number

V-220050

Group Title

SRG-OS-000480

Rule Version

GEN004620

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Obtain and install a more recent version of Sendmail, which does not implement the DEBUG feature.

Check Contents

Check for an enabled debug command provided by the SMTP service.

Procedure:
# telnet localhost 25
debug

If the command does not return a 500 error code of command unrecognized, this is a finding.

If telnet is unavailable for testing, check the version of sendmail. Run the following as a non-privileged user.

$ echo \$Z | /usr/sbin/sendmail -bt -d0

If the version reported is less than 8.6, this is a finding.
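
The two pass/fail criteria above can be scored against captured output with the following added example, which is not part of the STIG. The function names, the sample SMTP replies and the sample version strings are constructed for illustration; only the reply to the debug command is passed in, not the greeting banner.

```shell
#!/bin/sh
# Added example (not part of the STIG): scores captured output for GEN004620.
# Function names and all sample strings below are constructed.

# Exit 0 (finding) unless the first line of the reply to "debug"
# carries SMTP code 500 (command unrecognized).
debug_reply_is_finding() {
    line=$(printf '%s\n' "$1" | tr -d '\r' | head -n 1)
    case $line in
        500|"500 "*|500-*) return 1 ;;   # rejected: not a finding
        *) return 0 ;;                   # anything else, including no reply
    esac
}

# Exit 0 (finding) if the first major.minor found in the text is below 8.6.
# Exit 2 means no version string was found, so the check is inconclusive.
version_is_finding() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    minor=${ver#*.}
    [ "$major" -lt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -lt 6 ]; }
}

# Print a one-line verdict: verdict LABEL CHECK_FUNCTION TEXT
verdict() {
    rc=0
    "$2" "$3" || rc=$?
    case $rc in
        0) echo "$1: FINDING" ;;
        1) echo "$1: not a finding" ;;
        *) echo "$1: inconclusive" ;;
    esac
}

# Constructed samples.
verdict "debug rejected" debug_reply_is_finding '500 5.5.1 Command unrecognized: "debug"'
verdict "debug accepted" debug_reply_is_finding '200 Debug set'
verdict "version 8.13"   version_is_finding 'Version 8.13.8+Sun'
verdict "version 5.65"   version_is_finding 'Version 5.65'
verdict "no version"     version_is_finding 'sendmail: not found'
```
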

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4060

Comments