374 matches found
Amazon Linux 2 : postfix (ALAS-2024-2420)
The version of postfix installed on the remote host is prior to 2.10.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2420 advisory. Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and...
Important: postfix
Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...
Important: postfix
Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...
Important: exim
Issue Overview: Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some...
CBL Mariner 2.0 Security Update: postfix (CVE-2023-51764)
The version of postfix installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-51764 advisory. - Postfix through 3.8.5 allows SMTP smuggling unless configured with...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 : Postfix vulnerability (USN-6591-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6591-1 advisory. Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly u...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Libspf2 vulnerabilities (USN-6584-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6584-1 advisory. Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system wer...
GLSA-202401-22 : libspf2: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-22 libspf2: Multiple vulnerabilities - Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF...
Fedora 38 : exim (2024-e0841c83bb)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e0841c83bb advisory. Security fix for CVE-2023-51766. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
Fedora 39 : exim (2024-1ef6197a49)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-1ef6197a49 advisory. =Security fix for CVE-2023-51766. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
Fedora 39 : postfix (2024-c839e7294f)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c839e7294f advisory. Security fix for CVE-2023-51764. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 38 : postfix (2024-5c186175f2)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-5c186175f2 advisory. Security fix for CVE-2023-51764. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Exim < 4.97.1 SMTP Smuggling Vulnerability (Dec 2023)
Exim is prone to a SMTP smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:exim:exim"; if description...
Postfix SMTP Smuggling Vulnerability (Dec 2023)
Postfix is prone to a SMTP smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postfix:postfix"; ifdescripti...
Explained: SMTP smuggling
SMTP smuggling is a technique that allows an attacker to send an email from pretty much any address they like. The intended goal is email spoofing—sending emails with false sender addresses. Email spoofing allows criminals to make malicious emails more believable. Let’s take a closer look at what...
SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails
A new exploitation technique called Simple Mail Transfer Protocol SMTP smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. "Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from...
SUSE SLED15: postfix / postfix-bdb / postfix-bdb-lmdb / postfix-devel / etc (SUSE-SU-2024:0012-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0012-1 advisory. - CVE-2023-51764: Fixed SMTP smuggling attack bsc1218304. Tenable has extracted the preceding description...
Exploit for Insufficient Verification of Data Authenticity in Postfix
CVE-2023-51764 Postfix SMTP Smuggling - Expect Script POC sen...
SMTP Smuggling
Postfix is vulnerable to SMTP smuggling. The vulnerability is caused due to support for . while handling line endings. A remote attacker can exploit this using published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection...
CVE-2023-51765
A flaw was found in some SMTP server configurations in Sendmail. This issue may allow a remote attacker to break out of the email message data to "smuggle" SMTP commands and send spoofed emails that pass SPF checks. Mitigation Mitigation for this issue is either not available or the currently...