Mageia 9: MGASA-2024-0270 Moderate: Sendmail SMTP Spoofing Threat

mageia

July 16, 2024

sendmail through 8.17.2 allows SMTP smuggling in certain configurations

Summary

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features. (CVE-2023-51765)

References

- https://bugs.mageia.org/show_bug.cgi?id=32700

- https://www.openwall.com/lists/oss-security/2023/12/21/6

- https://www.openwall.com/lists/oss-security/2023/12/26/5

- https://www.cve.org/CVERecord?id=CVE-2023-51765

Topics Covered

security advisory sendmail email spoofing SMTP exploitation technique Mageia SPF bypass

Resolution

SRPMS

- 9/core/sendmail-8.17.1-4.1.mga9

Publication date: 16 Jul 2024

URL: https://advisories.mageia.org/MGASA-2024-0270.html

Type: security

CVE: CVE-2023-51765

Topics Covered

security advisory sendmail email spoofing SMTP exploitation technique Mageia SPF bypass

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 9: MGASA-2024-0270 Moderate: Sendmail SMTP Spoofing Threat

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 9: MGASA-2024-0270 Moderate: Sendmail SMTP Spoofing Threat

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!