cve/CVE-2023-51765.md at b8bb3913ae5ed6689c69f4d953bda7435b2f2da7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.

POC

Reference

https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/

Github

https://github.com/eeenvik1/CVE-2023-51764
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/hannob/smtpsmug
https://github.com/sagredo-dev/qmail

1.0 KiB Raw Blame History

CVE-2023-51765

Description

POC

Reference

Github

1.0 KiB

Raw Blame History