CVE-2023-51766
Published: 24 December 2023
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
Priority
Status
Package | Release | Status |
---|---|---|
exim4 Launchpad, Ubuntu, Debian | bionic | Released (4.90.1-1ubuntu1.10+esm3), available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
exim4 | focal | Released (4.93-13ubuntu1.10) |
exim4 | jammy | Released (4.95-4ubuntu2.5) |
exim4 | lunar | Ignored (end of life, was needs-triage) |
exim4 | mantic | Released (4.96-17ubuntu2.2) |
exim4 | trusty | Needs triage |
exim4 | upstream | Released (4.97-3) |
exim4 | xenial | Released (4.86.2-2ubuntu2.6+esm6), available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
References
- https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
- https://www.openwall.com/lists/oss-security/2023/12/21/6
- https://exim.org/static/doc/security/CVE-2023-51766.txt
- https://git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5
- https://git.exim.org/exim.git/commit/4596719398f6f2365bed563aafd757a6433ce7b4
- https://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca
- https://ubuntu.com/security/notices/USN-6611-1
- https://www.cve.org/CVERecord?id=CVE-2023-51766
- NVD
- Launchpad
- Debian