2025-08-23 01:58:14 +05:30
id: sendmail-postfix-execution-restrictions

info:
  name: Sendmail/Postfix Execution Restrictions Misconfigured
  author: songyaeji
  severity: medium
  description: |
    General users were not restricted from executing Sendmail with the -q option, and the Postfix binary lacked proper permission controls. This misconfiguration allowed unauthorized users to manipulate the mail queue or disrupt mail delivery.
  reference:
    - https://isms.kisa.or.kr
  tags: local,linux,audit,sendmail,postfix,compliance

self-contained: true

code:
  - engine:
      - bash
    source: |
      if ! grep -qi 'restrictqrun' /etc/mail/sendmail.cf 2>/dev/null; then
        echo "[VULNERABLE] sendmail.cf missing 'restrictqrun'"
      else
        echo "[SAFE] restrictqrun option is set in sendmail.cf"
      fi

  - engine:
      - bash
    source: |
      if [ -x /usr/sbin/postfix ]; then
        PERM="$(stat -c '%A' /usr/sbin/postfix 2>/dev/null || echo '')"
        if [ "$PERM" != "-rwxr-x---" ]; then
          echo "[VULNERABLE] /usr/sbin/postfix permission is '$PERM' (expected -rwxr-x---)"
        else
          echo "[SAFE] postfix binary permission is correct"
        fi
      fi

  - engine:
      - bash
    source: |
      if getent group postfix >/dev/null 2>&1; then
        MEMBERS="$(getent group postfix | awk -F ':' '{print $4}')"
        echo "$MEMBERS" | grep -qw root || echo "[VULNERABLE] 'root' not in 'postfix' group"
      fi

    matchers:
      - type: word
        name: restrictqrun
        part: code_1_response
        words:
          - "[VULNERABLE]"

      - type: word
        name: postfix-permission
        part: code_2_response
        words:
          - "[VULNERABLE]"

      - type: word
        name: postfix-group
        part: code_3_response
        words:
          - "[VULNERABLE]"
# digest: 4a0a004730450220532eeadc9b326aedf00c342a793b477a85a927a91a2fb1ae9caf341d4f41aa32022100cad5d3ff5d3bc482a80979d50961d98d11788235a82926fcff701b4028fff58c:922c64590222798bb761d5b6d8e72950
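
A stricter variant of the first two checks, as an added example that is not part of the template or the author's code: it counts only an active long-form `O PrivacyOptions=` line (a commented-out line does not pass), reports a missing sendmail.cf separately, and accepts any mode that gives "other" users no access. The function names, result strings and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the template. Names and sample data are constructed.

# Print SAFE, VULNERABLE or NOT_INSTALLED for a sendmail.cf path.
# Only an active long-form "O PrivacyOptions=..." line counts; lines
# starting with '#' are comments in sendmail.cf and are ignored.
check_restrictqrun() {
    cf="$1"
    [ -f "$cf" ] || { echo "NOT_INSTALLED"; return 0; }
    if grep -Ei '^O[[:space:]]+PrivacyOptions[[:space:]]*=' "$cf" \
        | grep -qiw 'restrictqrun'; then
        echo "SAFE"
    else
        echo "VULNERABLE"
    fi
}

# Print SAFE when "other" users have no permission bits on the file.
# Assumption: 750 (what the template expects) and stricter modes such
# as 700 are both acceptable; anything granting "other" access is not.
check_no_other_access() {
    f="$1"
    [ -e "$f" ] || { echo "NOT_INSTALLED"; return 0; }
    mode="$(stat -c '%a' "$f")" || return 1   # GNU stat, as in the template
    case "$mode" in
        *0) echo "SAFE" ;;
        *)  echo "VULNERABLE ($mode)" ;;
    esac
}

# Demo on constructed files in a temporary directory.
demo() {
    d="$(mktemp -d)" || return 1
    printf '%s\n' '#O PrivacyOptions=authwarnings,restrictqrun' \
                  'O PrivacyOptions=authwarnings,novrfy' > "$d/commented.cf"
    printf '%s\n' 'O PrivacyOptions=authwarnings,novrfy,restrictqrun' > "$d/ok.cf"
    : > "$d/postfix"; chmod 755 "$d/postfix"
    echo "commented.cf: $(check_restrictqrun "$d/commented.cf")"
    echo "ok.cf:        $(check_restrictqrun "$d/ok.cf")"
    echo "missing.cf:   $(check_restrictqrun "$d/missing.cf")"
    echo "mode 755:     $(check_no_other_access "$d/postfix")"
    chmod 750 "$d/postfix"
    echo "mode 750:     $(check_no_other_access "$d/postfix")"
    rm -rf "$d"
}
demo
```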