Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:9243

Опубликовано: 17 мар. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: postfix security update

The postfix packages provide a Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS.

Security Fix(es):

  • postfix: SMTP smuggling vulnerability (CVE-2023-51764)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9.5 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
postfixx86_641.el9postfix-3.5.25-1.el9.x86_64.rpm
postfix-cdbx86_641.el9postfix-cdb-3.5.25-1.el9.x86_64.rpm
postfix-ldapx86_641.el9postfix-ldap-3.5.25-1.el9.x86_64.rpm
postfix-lmdbx86_641.el9postfix-lmdb-3.5.25-1.el9.x86_64.rpm
postfix-mysqlx86_641.el9postfix-mysql-3.5.25-1.el9.x86_64.rpm
postfix-pcrex86_641.el9postfix-pcre-3.5.25-1.el9.x86_64.rpm
postfix-perl-scriptsx86_641.el9postfix-perl-scripts-3.5.25-1.el9.x86_64.rpm
postfix-pgsqlx86_641.el9postfix-pgsql-3.5.25-1.el9.x86_64.rpm
postfix-sqlitex86_641.el9postfix-sqlite-3.5.25-1.el9.x86_64.rpm

Показывать по

Связанные CVE

CVE-2023-51764

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2023-51764

CVSS3: 5.3
ubuntu
почти 2 года назад

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.

redhat логотип

CVE-2023-51764

CVSS3: 5.3
redhat
около 2 лет назад

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.

nvd логотип

CVE-2023-51764

CVSS3: 5.3
nvd
почти 2 года назад

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.

msrc логотип

CVE-2023-51764

CVSS3: 5.3
msrc
почти 2 года назад

Описание отсутствует

debian логотип

CVE-2023-51764

CVSS3: 5.3
debian
почти 2 года назад

Postfix through 3.8.5 allows SMTP smuggling unless configured with smt ...