Bugzilla – Bug 1218387
VUL-0: CVE-2023-51766: exim: SMTP smuggling attack
Last modified: 2024-07-20 13:19:04 UTC
Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages that appear to originate from the Exim server, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51766
This is an autogenerated message for OBS integration: This bug (1218387) was mentioned in https://build.opensuse.org/request/show/1135763 Factory / exim
This is an autogenerated message for OBS integration: This bug (1218387) was mentioned in https://build.opensuse.org/request/show/1136495 Backports:SLE-15-SP5 / exim
openSUSE-SU-2024:0007-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1218387 CVE References: CVE-2022-3559,CVE-2023-42114,CVE-2023-42115,CVE-2023-42116,CVE-2023-42117,CVE-2023-42119,CVE-2023-51766 JIRA References: Sources used: openSUSE Backports SLE-15-SP5 (src): exim-4.97.1-bp155.5.9.1
This is an autogenerated message for OBS integration: This bug (1218387) was mentioned in https://build.opensuse.org/request/show/1187597 Backports:SLE-15-SP6 / exim