Bug 1218387 (CVE-2023-51766)

Summary: VUL-0: CVE-2023-51766: exim: SMTP smuggling attack
Product: [openSUSE] openSUSE Distribution Reporter: SMASH SMASH <smash_bz>
Component: OtherAssignee: Security Team bot <security-team>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: meissner, wullinger
Version: Leap 15.6   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/389285/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2023-12-24 09:35:03 UTC 
Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages that appear to originate from the Exim server, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51766
Comment 1 OBSbugzilla Bot 2023-12-30 17:35:07 UTC 
This is an autogenerated message for OBS integration:
This bug (1218387) was mentioned in
https://build.opensuse.org/request/show/1135763 Factory / exim
Comment 2 OBSbugzilla Bot 2024-01-03 13:35:04 UTC 
This is an autogenerated message for OBS integration:
This bug (1218387) was mentioned in
https://build.opensuse.org/request/show/1136495 Backports:SLE-15-SP5 / exim
Comment 3 Marcus Meissner 2024-01-04 02:04:55 UTC 
openSUSE-SU-2024:0007-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1218387
CVE References: CVE-2022-3559,CVE-2023-42114,CVE-2023-42115,CVE-2023-42116,CVE-2023-42117,CVE-2023-42119,CVE-2023-51766
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    exim-4.97.1-bp155.5.9.1
Comment 4 OBSbugzilla Bot 2024-07-15 17:05:26 UTC 
This is an autogenerated message for OBS integration:
This bug (1218387) was mentioned in
https://build.opensuse.org/request/show/1187597 Backports:SLE-15-SP6 / exim