oss-sec mailing list archives
Re: Re: New SMTP smuggling attack
From: Marcus Meissner <meissner () suse de>
Date: Sun, 24 Dec 2023 10:33:37 +0100
On Sat, Dec 23, 2023 at 02:29:34PM +0200, Valtteri Vuorikoski wrote:
On Fri, Dec 22, 2023 at 11:46:48AM +0100, Marcus Meissner wrote:Hi, FWIW as no CVEs were to be found yet, I filed a CVE request for Postfix now. Not sure if we need it for others like sendmail too, as that is also referenced by the security researchers.Looks like exim opened a bug on this yesterday too, no sign of CVE yet: <https://bugs.exim.org/show_bug.cgi?id=3063>
CVEs are assigned now for: - CVE-2023-51764 postfix - CVE-2023-51765 sendmail - CVE-2023-51766 exim Ciao, Marcus
Current thread:
- Re: Re: New SMTP smuggling attack, (continued)
- Re: Re: New SMTP smuggling attack Stuart Henderson (Dec 22)
- Re: Re: New SMTP smuggling attack Marcus Meissner (Dec 22)
- Re: Re: New SMTP smuggling attack Erik Auerswald (Dec 22)
- Re: Re: New SMTP smuggling attack Rodrigo Freire (Dec 22)
- Re: Re: New SMTP smuggling attack Alexander E. Patrakov (Dec 22)
- Re: Re: New SMTP smuggling attack Erik Auerswald (Dec 22)
- Re: Re: New SMTP smuggling attack Stuart D Gathman (Dec 22)
- Re: Re: New SMTP smuggling attack Harry Sintonen (Dec 22)
- Re: Re: New SMTP smuggling attack Bjoern Franke (Dec 22)
- Re: Re: New SMTP smuggling attack Valtteri Vuorikoski (Dec 23)
- Re: Re: New SMTP smuggling attack Marcus Meissner (Dec 24)
- Re: Re: New SMTP smuggling attack kai (Dec 25)
- Re: New SMTP smuggling attack Claus Assmann (Dec 26)
- Re: Re: New SMTP smuggling attack Alan Coopersmith (Dec 29)
- Re: Re: New SMTP smuggling attack Marcus Meissner (Dec 30)
- Re: Re: New SMTP smuggling attack Claus Assmann (Dec 30)