HighCheck or Attack Name: smtpwiz
Very old installations of the Sendmail mailing system contained a feature whereby a remote user connecting to the SMTP port can enter the "WIZ" command and be given an interactive shell with root privileges.
If the WIZ command is enabled on Sendmail, it should be disabled by adding this line to the sendmail.cf configuration file (note that it must be typed in uppercase).
OW*
For the change to take effect, kill the Sendmail process, refreeze the sendmail.cf file, and restart the Sendmail process.
CERT Advisory CA-93.14, Internet Security Scanner (ISS), http://www.cert.org/advisories/CA-93.14.Internet.Security.Scanner.html
Sendmail Consortium, Sendmail Homepage, http://www.sendmail.org
