
Alerts

Postfix: SMTP smuggling vulnerability (CVE-2023-51764)

Advisory No: TZCERT/SA/2023/01/08

Date of First Release: 8th January 2024

Source: SMTP servers

Software Affected: Postfix SMTP server

Overview:

A flaw was found in some SMTP server configurations in Postfix. It may allow a remote attacker to break out of the email message data to “smuggle” SMTP commands and send spoofed emails that pass SPF checks.

Description:

By exploiting differences in how SMTP servers interpret the protocol, an attacker can send spoofed e-mails that still pass SPF alignment checks; this technique is known as SMTP smuggling.

The research behind this technique identified two types of SMTP smuggling, outbound and inbound. These allowed sending spoofed e-mails from millions of domains (e.g., admin[@]outlook.com) to millions of receiving SMTP servers.
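
RFC 5321 ends message data with `<CRLF>.<CRLF>`; the interpretation differences arise when a server also accepts other line endings around that dot. The following check is an added example, not code from this advisory or from Postfix: it audits a raw DATA payload for bare line endings and non-standard end-of-data candidates. The function names and sample messages are constructed for illustration.

```python
# Added example: audits a raw SMTP DATA payload for non-standard line endings.
# Function names and the sample messages are constructed for illustration.

def split_lines(data: bytes):
    """Yield (offset, content, terminator), preserving the exact terminator bytes."""
    i, n = 0, len(data)
    while i < n:
        j = i
        while j < n and data[j] not in (0x0D, 0x0A):
            j += 1
        # CRLF is the only terminator RFC 5321 allows; a lone CR or LF is "bare".
        term = b"\r\n" if data[j:j + 2] == b"\r\n" else data[j:j + 1]
        yield i, data[i:j], term
        i = j + len(term)

def audit_data_stream(data: bytes) -> dict:
    """Classify every dot-only line and count bare CR / bare LF terminators."""
    findings = {"bare_lf": 0, "bare_cr": 0, "standard_eod": [], "nonstandard_eod": []}
    prev = b"\r\n"  # the payload starts at the beginning of a line
    for offset, content, term in split_lines(data):
        if term == b"\n":
            findings["bare_lf"] += 1
        elif term == b"\r":
            findings["bare_cr"] += 1
        if content == b"." and term:
            # Only <CRLF>.<CRLF> is an end-of-data marker that every server agrees on.
            strict = prev == b"\r\n" and term == b"\r\n"
            findings["standard_eod" if strict else "nonstandard_eod"].append(offset)
        prev = term
    return findings

def is_strictly_compliant(findings: dict) -> bool:
    """True when no line ending leaves room for two servers to disagree."""
    return not (findings["bare_lf"] or findings["bare_cr"] or findings["nonstandard_eod"])

# Constructed samples (not captured traffic).
CLEAN = b"Subject: test\r\n\r\nline one\r\n.\r\n"
STUFFED = b"a\r\n..\r\n.\r\n"  # ".." is a dot-stuffed body line, not end-of-data
SUSPECT = b"Subject: test\r\n\r\nline one\n.\nline two\r\n.\r\n"

if __name__ == "__main__":
    for name, msg in (("clean", CLEAN), ("stuffed", STUFFED), ("suspect", SUSPECT)):
        result = audit_data_stream(msg)
        print(name, is_strictly_compliant(result), result)
```

A payload that fails `is_strictly_compliant` is one a strict receiver should reject or normalize rather than forward unchanged.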

Impact:

Successful exploitation of this vulnerability may allow a remote attacker to break out of the email message data to “smuggle” SMTP commands and send spoofed emails that pass SPF checks.

Solution:

A workaround for this vulnerability has been released. Users and administrators are encouraged to apply necessary updates.

Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=2255563

References:

  1. https://www.postfix.org/smtp-smuggling.html
  2. https://bugzilla.redhat.com/show_bug.cgi?id=2255563
  3. https://www.mail-archive.com/postfix-users@postfix.org/msg100901.html

TZCERT-SU-24-0021 (ZTE Security Update)

ZTE has released security updates to address vulnerabilities in ZTE Red Magic 8 Pro. Exploitation of these vulnerabilities may allow an attacker to gain escalated privileges.

Users and administrators are encouraged to review ZTE Security Advisories 1034444 and 1034404 and apply necessary updates.

TZCERT-SU-24-0019 (Dell Security Update)

Dell has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Dell Security Advisories dsa-2021-285, dsa-2023-459 and 000194414-dell and apply necessary updates.

TZCERT-SU-24-0018 (Ubuntu Security Update)

Ubuntu has released security updates to address vulnerabilities in SQLite, OpenSSH, Node.js and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Ubuntu Security Advisories USN-6566-1, USN-6565-1, USN-6564-1 and USN-6563-1 and apply necessary updates.