VID 18008
Severity 20
Port 25
Protocol TCP
Class SMTP
Detailed Description
The SMTP server answers the EXPN command. This command allows an attacker to determine whether an account exists on a system, providing significant assistance to a brute-force attack on user accounts. EXPN also provides additional information about users on the system, such as whether they exist and their full names. Some SMTP server versions can also allow a buffer overflow when this command is given an overly long argument.

* References:
http://www.sendmail.org/
http://www.iss.net/security_center/static/128.php
ftp://ftp.cs.berkeley.edu/ucb/sendmail
Recommendation
Your mailer should not allow remote users to use any of these commands, because they give them too much information.

To remove the EXPN command:
1. Add the option 'O PrivacyOptions=goaway' or 'O PrivacyOptions=authwarnings,noexpn,novrfy'
to the /etc/sendmail.cf file. (Some versions use the option 'Opnoexpn' instead.)
2. Restart the 'sendmail' daemon.
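
One way to audit a configuration file for the setting from step 1, as an added example that is not part of the original advisory. The function names and the sample files are constructed for illustration, and the check assumes that any uncommented PrivacyOptions line containing noexpn or goaway is enough to disable EXPN.

```shell
#!/bin/sh
# Added example: audit a sendmail.cf for the EXPN hardening described above.

# Print one privacy flag per line, taken from every uncommented
# 'O PrivacyOptions=...' line or old-style 'Op...' line in file $1.
privacy_flags() {
    sed -n \
        -e 's/^O[[:space:]]*PrivacyOptions[[:space:]]*=[[:space:]]*//p' \
        -e 's/^Op//p' "$1" | tr -d ' \t' | tr ',' '\n'
}

# Succeed (exit 0) when a flag that turns EXPN off is present.
expn_disabled() {
    privacy_flags "$1" | grep -qx -e noexpn -e goaway
}

# Report a result line; exit codes: 0 = hardened, 1 = finding, 2 = unreadable.
audit_expn() {
    if [ ! -r "$1" ]; then
        echo "UNKNOWN: cannot read $1"
        return 2
    fi
    if expn_disabled "$1"; then
        echo "OK: EXPN disabled in $1"
    else
        echo "FINDING: no noexpn/goaway privacy flag in $1"
        return 1
    fi
}

# Constructed sample configurations (not taken from a real host).
tmp=$(mktemp -d)
# A commented-out setting must not count as hardening.
printf '%s\n' '# O PrivacyOptions=goaway' 'O PrivacyOptions=authwarnings' \
    > "$tmp/weak.cf"
printf '%s\n' 'O PrivacyOptions=authwarnings,noexpn,novrfy' > "$tmp/hardened.cf"
printf '%s\n' 'Opnoexpn' > "$tmp/oldstyle.cf"

for name in weak hardened oldstyle; do
    audit_expn "$tmp/$name.cf" || true
done
```

The file on disk only shows the intended setting; the running daemon picks it up after the restart in step 2.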

Newer versions of Sendmail are available at http://www.sendmail.org or from ftp://ftp.cs.berkeley.edu/ucb/sendmail.