Описание
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| opendmarc | fixed | 1.4.0~beta1+dfsg-4 | package | |
| opendmarc | postponed | stretch | package |
Примечания
https://sourceforge.net/p/opendmarc/tickets/237/
https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
Fix: https://github.com/trusteddomainproject/OpenDMARC/commit/f3a9a9d4edfaa05102292727d021683f58aa4b6e
EPSS
Связанные уязвимости
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
Уязвимость программного обеспечения проверки подлинности и анализа электронных писем OpenDMARC, связанная с обходом аутентификации посредством спуфинга, позволяющая нарушителю оказать воздействие на целостность данных
EPSS