Advisory No: TZCERT/SA/2023/01/08
Date of First Release: 8th January 2024
Source: SMTP servers
Software Affected: Postfix SMTP server
Overview:
The vulnerability stems from a flaw in some Postfix SMTP server configurations. It may allow a remote attacker to break out of the email message data to “smuggle” SMTP commands and send spoofed emails that pass SPF checks.
Description:
By exploiting interpretation differences of the SMTP protocol, it is possible to smuggle/send spoofed e-mails – hence SMTP smuggling – while still passing SPF alignment checks.
The research that identified this issue found two types of SMTP smuggling, outbound and inbound. These allowed sending spoofed e-mails from millions of domains (e.g., admin[@]outlook.com) to millions of receiving SMTP servers.
Impact:
Successful exploitation of this vulnerability may allow a remote attacker to break out of the email message data to “smuggle” SMTP commands and send spoofed emails that pass SPF checks.
Solution:
A workaround for this vulnerability has been released. Users and administrators are encouraged to apply the necessary updates.
Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=2255563
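The hardening an administrator would apply in main.cf on an Internet-facing Postfix receiver, shown here as an added illustration that is not part of this advisory or of the Red Hat bug linked above. The parameter names are those documented in Postfix's postconf(5); whether a given packaged build supports smtpd_forbid_bare_newline must be confirmed against that vendor bug.

```ini
# --- Weak (pre-fix default): non-standard line endings inside DATA are tolerated,
#     which is the interpretation difference SMTP smuggling relies on.
# smtpd_forbid_bare_newline = no

# --- Hardened: require the standard end-of-data sequence from remote clients.
smtpd_forbid_bare_newline = yes
# Keep exempting trusted local clients that may use non-standard SMTP
# implementations (health checks, fax gateways); $mynetworks is the documented default.
smtpd_forbid_bare_newline_exclusions = $mynetworks

# Defence in depth: refuse clients that pipeline commands before the server
# has announced PIPELINING support (long-standing Postfix restriction).
smtpd_data_restrictions = reject_unauth_pipelining
```

After editing main.cf, run `postfix reload` and confirm the values with `postconf smtpd_forbid_bare_newline`.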
References: