Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2023-51764

Published: 24/12/2023 Updated: 30/01/2024
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Postfix

Vulnerability Summary

Postfix up to and including 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

postfix postfix

fedoraproject fedora 38

fedoraproject fedora 39

redhat enterprise linux 8.0

redhat enterprise linux 9.0

Vendor Advisories

Amazon Linux 2: ALAS-2024-2420
Postfix through 384 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions) Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass ...
Amazon Linux AMI: ALAS-2024-1914
Postfix through 384 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions) Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...

Mailing Lists

Full Disclosure: Re: Re: New SMTP smuggling attack
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Re: New SMTP smuggling attack <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Marcus Meissner &lt;meissner () ...

Github Repositories

https://github.com/d4op/CVE-2023-51764-POC

just idea, no cp pls

based on githubcom/duy-31/CVE-2023-51764 and eventscccde/congress/2023/hub/en/event/smtp_smuggling_spoofing_e-mails_worldwide/?trk=public_post_comment-text its just some poc port to python 3x

https://github.com/Double-q1015/CVE-2023-51764

CVE-2023-51764 poc

CVE-2023-51764 CVE-2023-51764 poc Link: githubcom/duy-31/CVE-2023-51764 Add SMTP authentication The script has only been tested on Kali Please do not use the script for illegal purposes

https://github.com/eeenvik1/CVE-2023-51764

PoC CVE-2023-51764

PoC for CVE-2023-51764 SMTP SMUGGLING Postfix CVE-2023-51765_25py Описание Данный скрипт позволяет отправлять сообщения, используя 25 порт почтового сервера Использование Перед запуском, необходимо изменить переменные: smtp_server - адрес п

https://github.com/duy-31/CVE-2023-51764

Postfix SMTP Smuggling - Expect Script POC

CVE-2023-51764 Postfix SMTP Smuggling - Expect Script POC send an email that is legitimate, but inside the email there is many others emails (different senders, recipients, subjet, etc) The initial email is check for SPF/DKIM/DMARC, the others inside are not ! usage: /cve-2023-51764sh mxfqdn port /cve-2023-51764sh mailmydomaincom 25 notes: chmod +x cve-2023-51764sh r

https://github.com/hannob/smtpsmug

smtpsmug Script to help analyze mail servers for SMTP Smuggling vulnerabilities docs smtpsmug allows sending mails to an smtp server and ending it with various malformed end of data symbol This tests whether servers are affected by SMTP Smuggling vulnerabilities Please consider this preliminary and work in progress, I am still trying to fully understand the issue myself By

References

CWE-345https://www.postfix.org/smtp-smuggling.htmlhttps://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/http://www.openwall.com/lists/oss-security/2023/12/24/1http://www.openwall.com/lists/oss-security/2023/12/25/1https://bugzilla.redhat.com/show_bug.cgi?id=2255563https://access.redhat.com/security/cve/CVE-2023-51764https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.htmlhttps://github.com/eeenvik1/CVE-2023-51764https://github.com/duy-31/CVE-2023-51764https://www.youtube.com/watch?v=V8KPV96g1Tohttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRLF5SOS7TP5N7FQSEK2NFNB44ISVTZC/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ5WXFCW2N6G2PH3JXDTYW5PH5EBQEGO/https://lwn.net/Articles/956533/https://www.openwall.com/lists/oss-security/2024/01/22/1https://www.postfix.org/announcements/postfix-3.8.5.htmlhttps://lists.debian.org/debian-lts-announce/2024/01/msg00020.htmlhttps://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2024-2420.htmlhttps://github.com/d4op/CVE-2023-51764-POC
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook