Installation guide
Chapter 3. Requirements Protogate Freeway Requirements Specification (SRS)
Notes: Debug mode is a feature present in older versions of Sendmail which, if not disabled, may
allow an attacker to gain access to a system through the Sendmail service.
3.8.27. GEN004640 - Sendmail DECODE Command
Summary: The SMTP service must not have a uudecode alias active.
Notes: A common configuration for older Mail Transfer Agents (MTAs) includes an alias for the
decode user. All mail sent to this user is sent to the uudecode program, which automatically
converts and stores files. By sending mail to decode or uudecode aliases present on some
systems, a remote attacker may be able to create or overwrite files on the remote host. This
could possibly be used to gain remote access.
3.8.28. GEN005000 - Anonymous FTP Account Shell
Summary: Anonymous FTP accounts must not have a functional shell.
Notes: If an anonymous FTP account has been configured to use a functional shell, attackers could
gain access to the shell if the account is compromised.
3.8.29. GEN005020 - Anonymous FTP Configuration
Summary: The anonymous FTP account must be configured to use chroot or a similarly isolated
environment.
Notes: If an anonymous FTP account does not use a chroot or similarly isolated environment, the
system may be more vulnerable to exploits against the FTP service. Such exploits could allow
an attacker to gain shell access to the system and view, edit, or remove sensitive files.
3.8.30. GEN005080 - TFTP Secure Mode
Summary: The TFTP daemon must operate in "secure mode" which provides access only to a single
directory on the host file system.
Notes: Secure mode limits TFTP requests to a specific directory. If TFTP is not running in secure
mode, it may be able to write to any file or directory and may seriously impair system
integrity, confidentiality, and availability.
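
The following audit sketch is an added example, not part of the Protogate specification. It checks GEN004640, GEN005000 and GEN005080 against the text of an aliases file, a passwd file and an inetd.conf file. It assumes the listed non-login shells, the account names ftp and anonymous, and a TFTP daemon started from inetd with secure mode given as a separate -s argument; the function names and sample data are constructed for illustration.

```python
import re

# Assumption: shells counted as non-functional; adjust the set for your platform.
NON_LOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/dev/null"}

def decode_aliases(aliases_text):
    """GEN004640: active aliases named decode/uudecode or delivering to uudecode."""
    joined = re.sub(r"\n[ \t]+", " ", aliases_text)  # fold continuation lines
    found = []
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, target = (p.strip() for p in line.split(":", 1))
        if name.lower() in ("decode", "uudecode") or "uudecode" in target.lower():
            found.append(name)
    return found

def ftp_shell_findings(passwd_text, accounts=("ftp", "anonymous")):
    """GEN005000: (account, shell) pairs where an FTP account has a usable shell."""
    found = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        # An empty shell field means the default shell, so it is also a finding.
        if len(fields) >= 7 and fields[0] in accounts and fields[6] not in NON_LOGIN_SHELLS:
            found.append((fields[0], fields[6]))
    return found

def tftp_insecure_lines(inetd_text):
    """GEN005080: enabled inetd tftp entries whose server arguments lack -s."""
    found = []
    for line in inetd_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        # inetd.conf: service type proto wait user program argv0 [args...]
        if len(fields) >= 7 and fields[0] == "tftp" and "-s" not in fields[7:]:
            found.append(" ".join(fields))
    return found

# Constructed sample files, not taken from any real system.
ALIASES = 'postmaster: root\n# decode: "|/usr/bin/uudecode"\ndecode: "|/usr/bin/uudecode"\n'
PASSWD = "root:x:0:0:root:/root:/bin/sh\nftp:x:14:50:FTP:/var/ftp:/bin/sh\n"
INETD = ("tftp dgram udp wait root /usr/libexec/tftpd tftpd -l /tftpboot\n"
         "#tftp dgram udp6 wait root /usr/libexec/tftpd tftpd -l -s /tftpboot\n")

if __name__ == "__main__":
    print("decode aliases:", decode_aliases(ALIASES))
    print("ftp shells:", ftp_shell_findings(PASSWD))
    print("tftp without -s:", tftp_insecure_lines(INETD))
```

An empty result from each function means the corresponding requirement is met for the file that was supplied; commented-out entries are ignored because they are not active.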
20 Protogate DC-900-2021A