| VID |
18024 |
| Severity |
40 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The SMTP server accepts the DEBUG mode. This mode is dangerous as it allows remote users to execute arbitrary commands as root without the need to log in. This option looks for old versions of Sendmail that allow debug mode and could provide an attacker access to the machine.
* References:
http://www.cert.org/advisories/CA-1988-01.html
http://www.iss.net/security_center/static/125.php |
| Recommendation |
Obtain and install a more recent version of Sendmail, which does not implement the DEBUG feature. |
| Related URL |
CVE-1999-0095 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
