cve-2023-51765
Vulnerability from cvelistv5
Published
2023-12-24 00:00
Modified
2024-08-02 22:48
Severity ?
Summary
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.
References
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2023/12/24/1Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2023/12/25/1Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2023/12/26/5Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2023/12/29/5Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2023/12/30/1Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2023/12/30/3Mailing List, Third Party Advisory
cve@mitre.orghttps://access.redhat.com/security/cve/CVE-2023-51765Third Party Advisory
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=2255869Issue Tracking, Third Party Advisory
cve@mitre.orghttps://bugzilla.suse.com/show_bug.cgi?id=1218351Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.htmlTechnical Description
cve@mitre.orghttps://github.com/freebsd/freebsd-src/commit/5dd76dd0cc19450133aa379ce0ce4a68ae07fb39#diff-afdf514b32ac88004952c11660c57bc96c3d8b2234007c1cbd8d7ed7fd7935ccPatch
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2024/06/msg00004.html
cve@mitre.orghttps://lwn.net/Articles/956533/
cve@mitre.orghttps://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/Technical Description, Third Party Advisory
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2023/12/21/7Mailing List, Third Party Advisory
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2023/12/22/7Mailing List, Third Party Advisory
cve@mitre.orghttps://www.youtube.com/watch?v=V8KPV96g1ToExploit
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:48:11.197Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/12/22/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/12/21/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/freebsd/freebsd-src/commit/5dd76dd0cc19450133aa379ce0ce4a68ae07fb39#diff-afdf514b32ac88004952c11660c57bc96c3d8b2234007c1cbd8d7ed7fd7935cc"
          },
          {
            "name": "[oss-security] 20231224 Re: Re: New SMTP smuggling attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/24/1"
          },
          {
            "name": "[oss-security] 20231225 Re: Re: New SMTP smuggling attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/25/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1218351"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255869"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-51765"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html"
          },
          {
            "name": "[oss-security] 20231226 Re: New SMTP smuggling attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/26/5"
          },
          {
            "name": "[oss-security] 20231229 Re: Re: New SMTP smuggling attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/29/5"
          },
          {
            "name": "[oss-security] 20231230 Re: Re: New SMTP smuggling attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/30/3"
          },
          {
            "name": "[oss-security] 20231230 Re: Re: New SMTP smuggling attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/30/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=V8KPV96g1To"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lwn.net/Articles/956533/"
          },
          {
            "name": "[debian-lts-announce] 20240615 [SECURITY] [DLA 3829-1] sendmail security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00004.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports \u003cLF\u003e.\u003cCR\u003e\u003cLF\u003e but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with \u0027o\u0027 in srv_features."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-15T09:05:58.617529",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/12/22/7"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/12/21/7"
        },
        {
          "url": "https://github.com/freebsd/freebsd-src/commit/5dd76dd0cc19450133aa379ce0ce4a68ae07fb39#diff-afdf514b32ac88004952c11660c57bc96c3d8b2234007c1cbd8d7ed7fd7935cc"
        },
        {
          "name": "[oss-security] 20231224 Re: Re: New SMTP smuggling attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/12/24/1"
        },
        {
          "name": "[oss-security] 20231225 Re: Re: New SMTP smuggling attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/12/25/1"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1218351"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255869"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-51765"
        },
        {
          "url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html"
        },
        {
          "name": "[oss-security] 20231226 Re: New SMTP smuggling attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/12/26/5"
        },
        {
          "name": "[oss-security] 20231229 Re: Re: New SMTP smuggling attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/12/29/5"
        },
        {
          "name": "[oss-security] 20231230 Re: Re: New SMTP smuggling attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/12/30/3"
        },
        {
          "name": "[oss-security] 20231230 Re: Re: New SMTP smuggling attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/12/30/1"
        },
        {
          "url": "https://www.youtube.com/watch?v=V8KPV96g1To"
        },
        {
          "url": "https://lwn.net/Articles/956533/"
        },
        {
          "name": "[debian-lts-announce] 20240615 [SECURITY] [DLA 3829-1] sendmail security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00004.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-51765",
    "datePublished": "2023-12-24T00:00:00",
    "dateReserved": "2023-12-24T00:00:00",
    "dateUpdated": "2024-08-02T22:48:11.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-51765\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-12-24T06:15:07.527\",\"lastModified\":\"2024-06-15T09:15:11.253\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports \u003cLF\u003e.\u003cCR\u003e\u003cLF\u003e but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with \u0027o\u0027 in srv_features.\"},{\"lang\":\"es\",\"value\":\"sendmail hasta al menos 8.14.7 permite el contrabando SMTP en ciertas configuraciones. Los atacantes remotos pueden utilizar una t\u00e9cnica de explotaci\u00f3n publicada para inyectar mensajes de correo electr\u00f3nico que parecen originarse en el servidor sendmail, lo que permite omitir un mecanismo de protecci\u00f3n SPF. Esto ocurre porque sendmail admite . pero algunos otros servidores de correo electr\u00f3nico populares no lo hacen.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.18.0.2\",\"matchCriteriaId\":\"CEE597E4-93EE-4D07-8698-5F43E45BCB37\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.0\",\"matchCriteriaId\":\"A57DF1BC-3B6C-419A-9355-BC20E1D95347\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/24/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/25/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/26/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/29/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/30/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/30/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-51765\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2255869\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1218351\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\"]},{\"url\":\"https://github.com/freebsd/freebsd-src/commit/5dd76dd0cc19450133aa379ce0ce4a68ae07fb39#diff-afdf514b32ac88004952c11660c57bc96c3d8b2234007c1cbd8d7ed7fd7935cc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lwn.net/Articles/956533/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/21/7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/22/7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.youtube.com/watch?v=V8KPV96g1To\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.