Bug ID 1218387
Summary VUL-0: CVE-2023-51766: exim: SMTP smuggling attack
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.6
Hardware Other
URL https://smash.suse.de/issue/389285/
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Other
Assignee poeml@cmdline.net
Reporter smash_bz@suse.de
QA Contact security-team@suse.de
CC meissner@suse.com
Target Milestone ---
Found By Security Response Team
Blocker ---

Exim through 4.97 allows SMTP smuggling in certain configurations. Remote
attackers can use a published exploitation technique to inject e-mail messages
that appear to originate from the Exim server, allowing bypass of an SPF
protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some
other popular e-mail servers do not.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51766


You are receiving this mail because: