17 matches found
Medium: sendmail
Issue Overview: sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail...
EUVD-2019-11327
Malware in sbrugna...
SUSE SLES12 Security Update : sendmail (SUSE-SU-2024:0742-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0742-1 advisory. - CVE-2023-51765: Fixed new SMTP smuggling attack. bsc1218351 Tenable has extracted the preceding description block directly from the SUSE...
SMTP Smuggling
sendmail is vulnerable to SMTP Smuggling. The vulnerability is due to injecting email messages with a spoofed MAIL FROM address using sendmail supports . sequence which allows malicious emails to be accepted as legitimate and leads to bypass of SPF protection mechanisms...
Important: exim
Issue Overview: Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some...
SUSE CVE-2023-51764
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...
CVE-2023-51765
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...
Code injection
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...
CVE-2023-51766
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...
UBUNTU-CVE-2023-51766
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...
CVE-2023-51764
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...
CVE-2023-51765
CVE-2023-51765 affects sendmail up to 8.17.2, enabling SMTP smuggling via non-standard line endings that can spoof MAIL FROM and bypass SPF. The issue is mitigated by upgrading to 8.18.x or later (noted to enforce stricter RFC compliance, e.g., with srv_features). Several vendors have released fi...
CVE-2023-51766
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...
CVE-2023-51766
Exim before 4.97.1 is vulnerable to SMTP smuggling in specific PIPELINING/CHUNKING configurations, enabling a remote attacker to inject messages with a spoofed MAIL FROM and bypass SPF. The root cause cited across multiple sources is that Exim handles end-of-data sequences using . in ways that so...
CVE-2023-51764
Postfix CVE-2023-51764 affects Postfix versions prior to fixed releases (e.g., 3.8.5 and earlier patched lines) and allows SMTP smuggling via non-standard end-of-data handling, enabling spoofed MAIL FROM and SPF bypass. Public advisories (ALMA/AMAZON/Linux distributions and Debian LTS) confirm th...
MGASA-2021-0462 Updated opendmarc packages fix security vulnerability
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field CVE-2019-20790. OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication...
OpenDMARC - Multiple vulnerabilities
OpenDMARC releases prior to 1.4.1 are susceptible to the following vulnerabilities: CVE-2019-16378 OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be...