On 01.01.2024 at 17:58:47, Gellner, Oliver via mailop wrote:

> The vulnerability is not super critical, but it has been fixed only
> for a very small subset of affected systems. All kinds of MTAs from
> Postfix to Sendmail, Exim and various proprietary systems are
> affected and the vulnerability generally remains unfixed until the
> administrators adjust the configuration of their system.

IIRC it can only be exploited if 2 MTAs at one site treat CRLF and LF differently. If all MTAs handle it the same way, it is not possible to abuse it.

Another situation could occur if one MTA (MX) accepts a message and ignores LF, then forwards it to another external one (vacation, aliases) that treats LF.LF as the DATA ending. That could be used to allow unauthenticated relaying too, although the recipients are limited to the MX servers of the RHS of the alias/forward. It can also be used to create bounces in that case.

At least for sendmail, a fix is available in the current snapshot, but the fix is just an additional feature (srv_features) that changes it, so it only accepts CRLF.
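
Added example, not part of the original message and not code from any MTA: a small Python model of the disagreement described above, comparing a receiver that ends DATA only on CRLF.CRLF with one that also accepts bare LF, and listing the bare LF bytes a CRLF-only policy would reject. The pattern names, function names and sample byte strings are constructed for illustration.

```python
from __future__ import annotations
import re

# RFC 5321 end-of-data marker: the only terminator a strict receiver honours.
STRICT_EOD = re.compile(rb"\r\n\.\r\n")
# Hypothetical lenient receiver: treats a bare LF as a line ending too.
LENIENT_EOD = re.compile(rb"\r?\n\.\r?\n")
# An LF that is not preceded by CR.
BARE_LF = re.compile(rb"(?<!\r)\n")


def end_of_data(stream: bytes, pattern: re.Pattern) -> int:
    """Offset just past the first end-of-data marker, or -1 if none is found."""
    m = pattern.search(stream)
    return m.end() if m else -1


def receivers_disagree(stream: bytes) -> bool:
    """True when the strict and lenient models end the message at different offsets."""
    return end_of_data(stream, STRICT_EOD) != end_of_data(stream, LENIENT_EOD)


def bare_lf_offsets(stream: bytes) -> list[int]:
    """Offsets of bare LF bytes, i.e. what a CRLF-only policy would reject."""
    return [m.start() for m in BARE_LF.finditer(stream)]


# Constructed sample DATA streams (not captured traffic).
CLEAN = b"Subject: hi\r\n\r\nbody\r\n.\r\n"
AMBIGUOUS = b"Subject: hi\r\n\r\nbody\n.\ntrailing text\r\n.\r\n"

if __name__ == "__main__":
    for name, data in (("clean", CLEAN), ("ambiguous", AMBIGUOUS)):
        print(
            name,
            "strict_end=%d" % end_of_data(data, STRICT_EOD),
            "lenient_end=%d" % end_of_data(data, LENIENT_EOD),
            "disagree=%s" % receivers_disagree(data),
            "bare_lf=%s" % bare_lf_offsets(data),
        )
```

When every hop applies the same rule, or bare LF is rejected at the edge, `receivers_disagree` has nothing to report for traffic that gets through.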