SMTP Smuggling

2023-12-2612:49:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

postfix

smtp

vulnerability

exploitation

spf protection

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.3%

JSON

Postfix is vulnerable to SMTP smuggling. The vulnerability is caused due to support for . while handling line endings. A remote attacker can exploit this using published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. If Postfix is configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunkingconfiguration options (or certain other options that exist in recent versions), this attack is not possible.

CPENameOperatorVersion
postfix:sideq3.5.6-1
postfix:bustereq3.4.14-0+deb10u1
postfix:bullseyeeq3.5.6-1+b1
postfix:bullseyeeq3.5.6-1
postfix:bookwormeq3.5.6-1+b1
postfix:sideq3.5.6-1
postfix:bustereq3.4.14-0+deb10u1
postfix:bullseyeeq3.5.6-1+b1
postfix:bullseyeeq3.5.6-1
postfix:bookwormeq3.5.6-1+b1

Name	Operator	Version
postfix:sid	eq	3.5.6-1
postfix:buster	eq	3.4.14-0+deb10u1
postfix:bullseye	eq	3.5.6-1+b1
postfix:bullseye	eq	3.5.6-1
postfix:bookworm	eq	3.5.6-1+b1
postfix:sid	eq	3.5.6-1
postfix:buster	eq	3.4.14-0+deb10u1
postfix:bullseye	eq	3.5.6-1+b1
postfix:bullseye	eq	3.5.6-1
postfix:bookworm	eq	3.5.6-1+b1