Exim prior to 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
exim exim |
||
fedoraproject extra packages for enterprise linux 8.0 |
||
fedoraproject extra packages for enterprise linux 9.0 |
||
fedoraproject extra packages for enterprise linux 7.0 |
||
fedoraproject fedora 38 |
||
fedoraproject fedora 39 |
||
debian debian linux 10.0 |