Bug 2255869 (CVE-2023-51765)

Summary: CVE-2023-51765 sendmail: SMTP smuggling vulnerability
Product: [Other] Security Response Reporter: Robb Gatica <rgatica>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: redhat-bugzilla
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: sendmail 8.18.0.2 Doc Type: ---
Doc Text:
A flaw was found in some SMTP server configurations in Sendmail. This issue may allow a remote attacker to break out of the email message data to "smuggle" SMTP commands and send spoofed emails that pass SPF checks.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2255870    
Bug Blocks: 2255562    

Description Robb Gatica 2023-12-25 22:05:17 UTC 
escription:
By exploiting interpretation differences of the SMTP protocol, it is possible to smuggle/send spoofed e-mails - hence SMTP smuggling - while still passing SPF alignment checks. During this research, two types of SMTP smuggling, outbound and inbound, were discovered. These allowed sending spoofed e-mails from millions of domains (e.g., admin[@]outlook.com) to millions of receiving SMTP servers (e.g., Amazon, PayPal, eBay). Identified vulnerabilities in Microsoft and GMX were quickly fixed, however, SEC Consult urges companies using the also affected Cisco Secure Email product to manually update their vulnerable default configuration. 

References:
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
Comment 1 Robb Gatica 2023-12-25 22:05:47 UTC 
Created sendmail tracking bugs for this issue:

Affects: fedora-all [bug 2255870]
Comment 3 Sandipan Roy 2024-01-04 11:08:07 UTC 
The Sendmail vulnerability allowing SMTP smuggling is deemed moderate due to its impact on SPF protection mechanisms and specific conditions for successful exploitation. SMTP smuggling involves manipulating the communication between mail servers to inject unauthorized messages. Exploiting this flaw involves a technique where remote attackers inject email messages with a spoofed MAIL FROM address. This manipulation allows them to bypass SPF protections because Sendmail supports the <LF>.<CR><LF> sequence, which some other popular email servers do not.

CVSSv3:  5.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N