The SMTP service must be an up-to-date version.

From SOLARIS 10 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE

Part of GEN004600

Associated with IA controls: VIVM-1

Associated with: CCI-001230

SV-39819r1_rule The SMTP service must be an up-to-date version.

Vulnerability discussion

The SMTP service version on the system must be current to avoid exposing vulnerabilities present in unpatched versions.

Check content

Determine the version of the SMTP service software, using a non-privileged account. $ /usr/lib/sendmail -d0 -bt < /dev/null (Note: While this command will report the sendmail version almost immediately, it will take several moments to return to the shell prompt. Press ctrl-C to terminate the sendmail process.) Version 8.14.4 is the latest required version. Version 8.14.4+Sun is available from Oracle for Solaris. If the sendmail version is not at least 8.14.4 or Oracle's latest version, this is a finding.

Fix text

Obtain and install the latest version of Sendmail from Oracle through normal software update processes, as implemented locally.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer