STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-4690

CAT I (High)

The sendmail server must have the debug feature disabled.

Rule ID

SV-45870r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-000366

Discussion

Debug mode is a feature present in older versions of sendmail which, if not disabled, may allow an attacker to gain access to a system through the sendmail service.

Check Content

Check for an enabled "debug" command provided by the SMTP service.

Procedure:
# telnet localhost 25
debug

If the command does not return a 500 error code of "command unrecognized", this is a finding.

The SLES mainframe distribution ships with sendmail Version 8.14.3.-50.20.1 which is not vulnerable. This should never be a finding.

Fix Text

Obtain and install a newer version of the SMTP service software (sendmail or Postfix) fromNovell.