Author: James D. Freels
Date:
To: exim-users
Subject: [Exim] request for help: CAN-1999-0531 expn exploitation

My employee scans our machines for security problems. A potential
security problem has been uncovered for both "exim" and "smail"
packages. A solution is provided for sendmail if it were the MTA, but
since it is not, I need help with an equivalent configuration.
Here is the information of the issue:

    smtpexpn: SMTP EXPN command (CAN-1999-0531)

I have read the answer in the EXIM FAQ, but I still do not get a
solution. I have included in my exim.conf file the following
parametric options:

    no_smtp_verify
    no_expn
    smtp_expn_hosts localhost

but I am still getting the same response from the "Xforce ISS" scanners.
Since I am not using sendmail, then there appears to be a problem. I
would appreciate any solution offered.
Thanks...
Information below:
Simple Mail Transfer Protocol (SMTP)-compliant applications, such as
the Sendmail program EXPN, could allow an attacker to determine
if an account exists on a system, providing significant assistance to a
brute force attack on user accounts. EXPN provides additional
information concerning users on the system, such as if they exist and
their full names. This information can be useful in further attacks.
Remedy:
If you are running Sendmail, add the line Opnoexpn to your Sendmail
configuration file, usually located in /etc/sendmail.cf. For other mail
servers, contact your vendor for information on how to disable the
expand command.
Upgrade to the latest version of Sendmail (8.11.4 or later), available
from the Sendmail Consortium Web site. See References.
--OR--
Apply the appropriate patch for your system, available from the
Sendmail Consortium FTP site. See References.
I am stuck on the last remedy and hope someone from this mailing list
can provide the solution.
Thanks...
--
James D. Freels, P.E._i, Ph.D.
Oak Ridge National Laboratory
freelsjd@??? - work
jdfreels@??? - home
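
A way to see what the mail server itself answers to EXPN and VRFY, independent of the scanner's verdict, as an added example that is not part of the original message or of Exim. The sample session, host names and addresses are constructed, and the function names are hypothetical.

```python
import smtplib

# Constructed sample session (not from the original post): "C:" client, "S:" server.
SAMPLE = [
    "C: EHLO scanner.example.test",
    "S: 250 mail.example.test Hello",
    "C: EXPN staff",
    "S: 250-Alice Example <alice@example.test>",
    "S: 250 Bob Example <bob@example.test>",
    "C: VRFY alice",
    "S: 252 Cannot VRFY user",
    "C: EXPN root",
    "S: 550 EXPN not available",
]

def classify(code):
    """Map one SMTP reply code (RFC 5321) for EXPN/VRFY to a finding."""
    if code in (250, 251):
        return "exposed"        # server confirmed or expanded the address
    if code == 252:
        return "non-committal"  # accepted without confirming the account
    if 500 <= code <= 599:
        return "refused"        # command disabled or rejected
    return "other"              # e.g. 4xx temporary failure

def parse_transcript(lines):
    """Return {command: (finding, [reply texts])} for each EXPN/VRFY in a session."""
    results, current, texts = {}, None, []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("C: "):
            verb = line[3:].split(" ", 1)[0].upper()
            current, texts = (line[3:] if verb in ("EXPN", "VRFY") else None), []
        elif line.startswith("S: ") and current:
            reply = line[3:]
            texts.append(reply[4:])
            if reply[3:4] != "-":   # "250-" continues a multi-line reply, "250 " ends it
                results[current] = (classify(int(reply[:3])), texts)
                current = None
    return results

def probe(host="localhost", names=("postmaster",), port=25):
    """Ask your own MTA directly and classify what it answers."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        return {f"{verb} {name}": classify(smtp.docmd(verb, name)[0])
                for verb in ("EXPN", "VRFY") for name in names}
```

Run probe() from the machine the scanner runs on as well as on the mail host itself, since the reply can depend on which host is connecting.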