oss-sec mailing list archives
Re: Re: New SMTP smuggling attack
From: kai <kai () hostland ru>
Date: Mon, 25 Dec 2023 21:27:37 +0300
Happy christmas list!If anyone needs patch for postfix's 3.3.0-1ubuntu0.4 smtpd_forbid_bare_newline feature it has been attached to this message
On 24/12/2023 12.33, Marcus Meissner wrote:
On Sat, Dec 23, 2023 at 02:29:34PM +0200, Valtteri Vuorikoski wrote:On Fri, Dec 22, 2023 at 11:46:48AM +0100, Marcus Meissner wrote:Hi, FWIW as no CVEs were to be found yet, I filed a CVE request for Postfix now. Not sure if we need it for others like sendmail too, as that is also referenced by the security researchers.Looks like exim opened a bug on this yesterday too, no sign of CVE yet: <https://bugs.exim.org/show_bug.cgi?id=3063>CVEs are assigned now for: - CVE-2023-51764 postfix - CVE-2023-51765 sendmail - CVE-2023-51766 exim Ciao, Marcus
Attachment:
smtp-smuggling33.patch
Description:
Current thread:
- Re: Re: New SMTP smuggling attack, (continued)
- Re: Re: New SMTP smuggling attack Marcus Meissner (Dec 22)
- Re: Re: New SMTP smuggling attack Erik Auerswald (Dec 22)
- Re: Re: New SMTP smuggling attack Rodrigo Freire (Dec 22)
- Re: Re: New SMTP smuggling attack Alexander E. Patrakov (Dec 22)
- Re: Re: New SMTP smuggling attack Erik Auerswald (Dec 22)
- Re: Re: New SMTP smuggling attack Stuart D Gathman (Dec 22)
- Re: Re: New SMTP smuggling attack Harry Sintonen (Dec 22)
- Re: Re: New SMTP smuggling attack Bjoern Franke (Dec 22)
- Re: Re: New SMTP smuggling attack Valtteri Vuorikoski (Dec 23)
- Re: Re: New SMTP smuggling attack Marcus Meissner (Dec 24)
- Re: Re: New SMTP smuggling attack kai (Dec 25)
- Re: New SMTP smuggling attack Claus Assmann (Dec 26)
- Re: Re: New SMTP smuggling attack Alan Coopersmith (Dec 29)
- Re: Re: New SMTP smuggling attack Marcus Meissner (Dec 30)
- Re: Re: New SMTP smuggling attack Claus Assmann (Dec 30)