Bug 2255852 (CVE-2023-51766)

Summary: CVE-2023-51766 exim: SMTP smuggling vulnerability
Product: [Other] Security Response Reporter: Robb Gatica <rgatica>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was discovered in exim that allows a remote attacker to exploit a weakness in some SMTP server configurations. This makes it possible to break out of the email message data to "smuggle" SMTP commands and send spoofed emails which pass SPF checks.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2255853, 2255854    
Bug Blocks: 2255562    

Description Robb Gatica 2023-12-25 20:01:38 UTC
Source: exim4
Version: 4.97-2
Severity: important
Tags: security upstream
Forwarded: https://bugs.exim.org/show_bug.cgi?id=3063
X-Debbugs-Cc: carnil, Debian Security Team <team.org>

Hi,

The following vulnerability was published for exim4.

CVE-2023-51766[0]:
| Exim through 4.97 allows SMTP smuggling in certain configurations.
| Remote attackers can use a published exploitation technique to
| inject e-mail messages that appear to originate from the Exim
| server, allowing bypass of an SPF protection mechanism. This occurs
| because Exim supports <LF>.<CR><LF> but some other popular e-mail
| servers do not.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-51766
    https://www.cve.org/CVERecord?id=CVE-2023-51766
[1] https://bugs.exim.org/show_bug.cgi?id=3063

Comment 1 Robb Gatica 2023-12-25 20:01:52 UTC
Created exim tracking bugs for this issue:

Affects: epel-all [bug 2255854]
Affects: fedora-all [bug 2255853]