Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Re: New SMTP smuggling attack

Related Vulnerabilities: CVE-2023-51765  
Source 
                On Sun, Dec 24, 2023, Marcus Meissner wrote:

Can you update the text for this (or point me to the proper way/persons
to do this)?

1.
"sendmail through at least 8.14.7"
->
sendmail up to and including 8.17.2

2.
remove the seemingly unrelated reference to
"Merge sendmail 8.14.8 to HEAD  freebsd/freebsd-src@5dd76dd"

3.
Mention that 8.18 fixes the problem:
        Accept only CR LF . CR LF as end of an SMTP message as
                required by the RFCs when the new srv_features
                option 'o' is used.

sendmail 8.18.0.2 is available at
https://ftp.sendmail.org/snapshots/sendmail.8.18.0.2.tar.gz
https://ftp.sendmail.org/snapshots/sendmail.8.18.0.2.tar.gz.sig

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started