Lucene search

K

[email protected]NVD:CVE-2023-51764

HistoryDec 24, 2023 - 5:15 a.m.

CVE-2023-51764

2023-12-2405:15:08

CWE-345

[email protected]

web.nvd.nist.gov

1

postfix

smtp smuggling

vulnerability

spf bypass

injection

spoofing

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.003 Low

EPSS

Percentile

65.3%

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.

Affected configurations

NVD

Node

postfixpostfixRange<3.5.23

OR

postfixpostfixRange3.6.0–3.6.13

OR

postfixpostfixRange3.7.0–3.7.9

OR

postfixpostfixRange3.8.0–3.8.4

Node

fedoraprojectfedoraMatch38

OR

fedoraprojectfedoraMatch39

Node

redhatenterprise_linuxMatch8.0

OR

redhatenterprise_linuxMatch9.0

References

www.openwall.com/lists/oss-security/2023/12/24/1

www.openwall.com/lists/oss-security/2023/12/25/1

www.openwall.com/lists/oss-security/2024/05/09/3

access.redhat.com/security/cve/CVE-2023-51764

bugzilla.redhat.com/show_bug.cgi?id=2255563

fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html

github.com/duy-31/CVE-2023-51764

github.com/eeenvik1/CVE-2023-51764

lists.debian.org/debian-lts-announce/2024/01/msg00020.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ5WXFCW2N6G2PH3JXDTYW5PH5EBQEGO/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRLF5SOS7TP5N7FQSEK2NFNB44ISVTZC/

lwn.net/Articles/956533/

sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/

www.openwall.com/lists/oss-security/2024/01/22/1

www.postfix.org/announcements/postfix-3.8.5.html

www.postfix.org/smtp-smuggling.html

www.youtube.com/watch?v=V8KPV96g1To

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.003 Low

EPSS

Percentile

65.3%

Related for NVD:CVE-2023-51764

redhatcve1 veracode1 ubuntu2 nessus14 amazon2 osv3 openvas11 debian1 prion1 cbl_mariner2 debiancve1 githubexploit4 fedora2 mageia1 cvelist1 ubuntucve1 redos1 cve1 cert1