|
Family: SMTP problems --> Category: infos
Sendmail debug mode leak Vulnerability Scan
Vulnerability Scan Summary Checks the version number for 'debug mode leak'
Detailed Explanation for this Vulnerability Test
According to the version number of the remote mail server,
a local user may be able to obtain the complete mail configuration
and other interesting information about the mail queue even if
he is not allowed to access those information directly, by running
sendmail -q -d0-nnnn.xxx
where nnnn & xxx are debugging levels.
If users are not allowed to process the queue (which is the default)
then you are not vulnerable.
Solution : upgrade to the latest version of Sendmail or
do not allow users to process the queue (RestrictQRun option)
Threat Level: Low
Note : This vulnerability is _local_ only
Click HERE for more information and discussions on this network vulnerability scan.
|