Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...

Amazon Linux 2 : postfix (ALAS-2024-2420)

The version of postfix installed on the remote host is prior to 2.10.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2420 advisory. Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and...

Amazon Linux AMI : exim (ALAS-2024-1908)

The version of exim installed on the remote host is prior to 4.92-1.40. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1908 advisory. Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 : Postfix vulnerability (USN-6591-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6591-1 advisory. Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly u...

CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

CVE-2023-51766

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...

CVE-2023-51766

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...

CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

HBGary: Silence, Sloppy Reporting Hyped Anonymous Hack

After months of almost total silence, security firm HBGary issued a statement to counter what it claims were inaccurate media reports about a February security breach that spilled thousands of e-mail messages onto the Internet. The letter, published on HBGary’s Web site and positioned as an “Open...

ClamAV milter popen command injection

Added: 09/06/2007 CVE: CVE-2007-4560 BID: 25439 OSVDB: 36909 Background ClamAV is an open-source anti-virus toolkit. clamav-milter is a derivative of ClamAV for e-mail servers running Sendmail. Problem An insecure call to the popen function in clamav-milter, when running in black hole mode, allow...