Information
A common configuration for older mail transfer agents (MTAs) is to include an alias for the decode user. All mail sent to this user is sent to the uudecode program, which automatically converts and stores files. By sending mail to the decode or the uudecode aliases present on some systems, a remote attacker may be able to create or overwrite files on the remote host. This could possibly be used to gain remote access.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Disable mail aliases for decode and uudecode. If the /etc/mail/aliases (mail alias) file contains entries for these programs, remove them or disable them by placing # at the beginning of the line, and then executing the newaliases command. For more information on mail aliases, refer to the man page for aliases. Disabled aliases would be similar to these (commented) file entry examples - '# decode- |/usr/bin/uudecode' '# uudecode- |/usr/bin/uuencode -d'