Secure Messaging Gateway 23.3.4
Some mail systems allow SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
The essence of the vulnerability is that some software handled line endings inconsistently. When receiving a chunked conversation whose DATA section was terminated by LF.CRLF or LF.LF, it would not recognize the line ending, would not chunk the message, and would not continue to scan it or apply any spam or other filters. An attacker could then “smuggle” a second email through the software, bypassing security and spam prevention. Some of those cited are:
Postfix through 3.8.4
Sendmail through 8.14.7
Exim before 4.97.1
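A receiving-side check for the line-ending ambiguity described above, as an added example (not OpenText or SMG code): it scans a raw DATA stream for lone-dot lines framed by a bare LF. The function name and sample messages are constructed for illustration, and it also flags CRLF.LF, which goes beyond the two sequences named in the text.

```python
import re

# RFC 5321 defines exactly one end-of-data marker: CRLF "." CRLF.
# A lone "." line framed by a bare LF on either side is the ambiguity
# described above: one server ends the message there, another does not.
# The trailing line ending sits in a lookahead so that back-to-back
# dot lines are all reported.
_LONE_DOT = re.compile(rb"(\r\n|\n)\.(?=(\r\n|\n))")
_NAMES = {b"\r\n": "CRLF", b"\n": "LF"}


def find_ambiguous_terminators(stream: bytes):
    """Return [(offset, label)] for lone-dot lines not framed by CRLF on both sides."""
    hits = []
    for m in _LONE_DOT.finditer(stream):
        before, after = m.group(1), m.group(2)
        if before == b"\r\n" and after == b"\r\n":
            continue  # the standard terminator, nothing to flag
        hits.append((m.start(), f"{_NAMES[before]}.{_NAMES[after]}"))
    return hits


# Constructed sample: well-formed DATA stream with a dot-stuffed line.
CLEAN = b"Subject: report\r\n\r\nline one\r\n..dot-stuffed line\r\n.\r\n"

# Constructed sample: the same kind of stream with two non-standard
# dot lines ahead of the real terminator.
SUSPECT = (
    b"Subject: hello\r\n\r\n"
    b"first body\n.\r\n"
    b"second part\n.\n"
    b"third\r\n.\r\n"
)

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("suspect", SUSPECT)):
        hits = find_ambiguous_terminators(sample)
        verdict = "quarantine or reject" if hits else "ok"
        print(f"{name}: {verdict} {hits}")
```
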
The February update for SMG 23.3.4 will give customers the ability to enable 'anti-smuggling'. It is off by default, as we are not vulnerable; it is not the fault of SMG that sendmail, Postfix, etc. are vulnerable. However, a customer who would like to make sure that all mail gets delivered will be able to enable this option.
This is in reference to CVE-2023-51765.