17 matches found
Medium: sendmail
Issue Overview: sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail...
EUVD-2019-11327
Malware in sbrugna...
SUSE SLES12 Security Update : sendmail (SUSE-SU-2024:0742-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0742-1 advisory. - sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to...
SMTP Smuggling
sendmail is vulnerable to SMTP Smuggling. The vulnerability allows injection of email messages with a spoofed MAIL FROM address because sendmail supports the <LF>.<CR><LF> sequence, which allows malicious emails to be accepted as legitimate and leads to bypass of SPF protection mechanisms...
Important: exim
Issue Overview: Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some...
SUSE CVE-2023-51764
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...
Code injection
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but...
CVE-2023-51766
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but...
CVE-2023-51765
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other...
UBUNTU-CVE-2023-51766
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but...
CVE-2023-51764
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...
CVE-2023-51766
Exim before 4.97.1 is vulnerable to SMTP smuggling in specific PIPELINING/CHUNKING configurations, enabling a remote attacker to inject messages with a spoofed MAIL FROM and bypass SPF. The root cause cited across multiple sources is that Exim handles end-of-data sequences using <LF>.<CR><LF> in ways that so...
CVE-2023-51765
CVE-2023-51765 affects sendmail up to 8.17.2, enabling SMTP smuggling via non-standard line endings that can spoof MAIL FROM and bypass SPF. The issue is mitigated by upgrading to 8.18.x or later (noted to enforce stricter RFC compliance, e.g., with srv_features). Several vendors have released fi...
CVE-2023-51766
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but...
CVE-2023-51764
Postfix CVE-2023-51764 affects Postfix versions prior to fixed releases (e.g., 3.8.5 and earlier patched lines) and allows SMTP smuggling via non-standard end-of-data handling, enabling spoofed MAIL FROM and SPF bypass. Public advisories (ALMA/AMAZON/Linux distributions and Debian LTS) confirm th...
MGASA-2021-0462 Updated opendmarc packages fix security vulnerability
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field (CVE-2019-20790). OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication...
OpenDMARC - Multiple vulnerabilities
OpenDMARC releases prior to 1.4.1 are susceptible to the following vulnerabilities: CVE-2019-16378: OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be...