OESA-2024-1927 exim security update

Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

Astra Linux – Vulnerability in exim4

Before version 4.97.1, Exim allowed SMTP smuggling in certain pipeline/chunking configurations. Remote attackers could use a known exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, thereby bypassing an SPF protection mechanism. This issue arises because Exim...

OESA-2024-1322 python-aiosmtpd security update

This is a server for SMTP and related protocols, similar in utility to the standard library's smtpd.py module, but rewritten to be based on asyncio for Python 3. Security Fixes: aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP...

OESA-2024-1320 python-aiosmtpd security update

This is a server for SMTP and related protocols, similar in utility to the standard library's smtpd.py module, but rewritten to be based on asyncio for Python 3. Security Fixes: aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP...

aiosmtpd Data Forgery Issue Vulnerability

aiosmtpd is an asyncio-based SMTP server. aiosmtpd is vulnerable to a data forgery issue that stems from the presence of an SMTP smuggling vulnerability...

PT-2024-22152 · Postal · Postal

Name of the Vulnerable Software and Affected Versions: Postal versions less than 3.0.0 Description: The issue allows for SMTP Smuggling attacks, which may enable incoming e-mails to be spoofed. This could allow an incoming e-mail to be received by Postal, appearing to be from a server that a user...

AZL-32295 CVE-2023-51765 affecting package sendmail 8.15.2-46

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

DEBIAN-CVE-2023-51766

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...

AZL-32296 CVE-2023-51764 affecting package postfix for versions less than 3.7.0-3

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...

Postfix Data Forgery Issue Vulnerability

Postfix is an open source mail transfer agent. A data forgery issue vulnerability exists in versions prior to Postfix 3.8.4, which stems from a vulnerability that allows an attacker to bypass the SPF protection mechanism for SMTP smuggling...