STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 22 Jan 2021

The SMTP service must not have the VRFY feature active.

DISA Rule

SV-227849r603266_rule

Vulnerability Number

V-227849

Group Title

SRG-OS-000480

Rule Version

GEN004680

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

If Sendmail is running, add the line Opnovrfy to the Sendmail configuration file, usually located in /etc/sendmail.cf. For other mail servers, contact the vendor for information on how to disable the verify command. Newer versions of Sendmail are available at http://www.sendmail.org or from ftp://ftp.cs.berkeley.edu/ucb/sendmail.

Check Contents

Determine if VRFY is disabled.

Procedure:
# telnet localhost 25
vrfy root

If the command does not return a 500 error code of command unrecognized, this is a finding.

OR

Locate the sendmail.cf configuration file.

Procedure:
# find / -name sendmail.cf -print
# grep -v "^#" <sendmail.cf location> | egrep -i "(goaway|vrfy)"

Verify the VRFY command is disabled with an entry in the sendmail.cf file that reads as one of the following:

Opnovrfy
O PrivacyOptions=novrfy
Opgoaway
O PrivacyOptions=goaway

(Other privacy options, such as noexpn or noetrn, may be included in the same line, separated by commas. The goaway option encompasses a number of privacy options, including novrfy.) If the VRFY command is not disabled, this is a finding.
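The configuration-file check above can be scripted so that it only counts exact novrfy or goaway values on a live PrivacyOptions line, which a plain substring grep does not guarantee. This is an added example, not part of the STIG text; the function name vrfy_disabled, its exit codes and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a sendmail.cf for a PrivacyOptions entry that disables VRFY.
# Exit status: 0 = novrfy or goaway present, 1 = finding, 2 = file not readable.
vrfy_disabled() {
    cf=$1
    [ -r "$cf" ] || return 2
    awk '
        /^#/ { next }                       # skip commented-out lines
        {
            line = $0; opts = ""
            if (line ~ /^O[ \t]+PrivacyOptions[ \t]*=/) {        # long form
                sub(/^O[ \t]+PrivacyOptions[ \t]*=[ \t]*/, "", line)
                opts = line
            } else if (line ~ /^Op/) {                           # short form
                opts = substr(line, 3)
            } else next
            n = split(tolower(opts), item, /[ \t]*,[ \t]*/)      # comma-separated list
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", item[i])
                if (item[i] == "novrfy" || item[i] == "goaway") found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$cf"
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Opnovrfy   (commented out, must not count)
O PrivacyOptions=authwarnings,noexpn,novrfy
EOF
if vrfy_disabled "$sample"; then
    echo "VRFY disabled: not a finding"
else
    echo "VRFY not disabled: finding"
fi
rm -f "$sample"
```

Point the function at the path returned by the find command in the procedure above.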

Documentable

False

Check Content Reference

M

Target Key

4061
