SMTP Uuencode/Decode Aliases contents.gifindex.gif

SMTP Uuencode/Decode Aliases

If the decode mail aliases are enabled, an intruder is able to send mail to decode@hostname with a file that has been uuencoded to overwrite any system file. Enabling this option instructs the scanner to look for uuencode and uudecode.

Risk: High

Fix: In UNIX, disable mail aliases for decode and uuencode. If the file /etc/aliases contains entries for these programs, remove them or disable them by placing # at the beginning of the line, and then executing the command newaliases. For more information on UNIX mail aliases, consult the manual page for "aliases(1)". A disabled decode alias should appear as:

# decode: "|/usr/bin/uudecode"

Advisories:CA-90:02.intruder.warning , CA-93:14.Internet.Security.Scanner