The SMTP service must not have a uudecode alias active.

From AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE

Part of GEN004640

Associated with IA controls: ECSC-1

Associated with: CCI-001230

SV-4691r2_rule The SMTP service must not have a uudecode alias active.

Vulnerability discussion

A common configuration for older Mail Transfer Agents (MTAs) includes an alias for the decode user. All mail sent to this user is sent to the uudecode program, which automatically converts and stores files. By sending mail to decode or uudecode aliases present on some systems, a remote attacker may be able to create or overwrite files on the remote host. This could possibly be used to gain remote access.

Check content

Check the SMTP service for an active decode command. Procedure: # telnet localhost 25 decode If the command does not return a 500 error code of command unrecognized, this is a finding.

Fix text

Disable mail aliases for decode and uudecode. If the /etc/aliases or /usr/lib/aliases (mail alias) file contains entries for these programs, remove them or disable them by placing # at the beginning of the line, and then executing the "newaliases" command. For more information on mail aliases, refer to the man page for aliases. Disabled aliases would be similar to the examples below: # decode: |/usr/bin/uudecode # uudecode: |/usr/bin/uuencode -d

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer