Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-51765

Опубликовано: 24 дек. 2023
Источник: debian
EPSS Низкий

Описание

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
sendmailfixed8.18.1-1package
sendmailfixed8.17.1.9-2+deb12u1bookwormpackage
sendmailfixed8.15.2-22+deb11u1bullseyepackage

Примечания

  • https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/

  • https://www.openwall.com/lists/oss-security/2023/12/21/6

  • https://www.openwall.com/lists/oss-security/2023/12/26/5

EPSS

Процентиль: 77%
0.0109
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-51765

CVSS3: 5.3
ubuntu
больше 1 года назад

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.

redhat логотип

CVE-2023-51765

CVSS3: 5.3
redhat
больше 1 года назад

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.

nvd логотип

CVE-2023-51765

CVSS3: 5.3
nvd
больше 1 года назад

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.

suse-cvrf логотип

SUSE-SU-2024:0743-1

suse-cvrf
больше 1 года назад

Security update for sendmail

suse-cvrf логотип

SUSE-SU-2024:0742-1

suse-cvrf
больше 1 года назад

Security update for sendmail

EPSS

Процентиль: 77%
0.0109
Низкий