Timo Longin

**Name of the Vulnerable Software and Affected Versions** Apache James versions prior to 3.8.1 and 3.7.5 **Description** A lenient behavior in line delimiter handling might create a difference of interpretation between the sender and the receiver, which can be exploited by an attacker to forge an SMTP envelope, allowing for instance to bypass SPF checks. The issue is related to the enforcement of CRLF as a line delimiter as part of the DATA transaction. **Recommendations** For versions prior to 3.8.1, upgrade to version 3.8.1 or later. For versions prior to 3.7.5, upgrade to version 3.7.5 or later.

**Name of the Vulnerable Software and Affected Versions** sendmail versions 8.14.7 through 8.17.2 **Description** The issue allows SMTP smuggling in certain configurations, enabling remote attackers to inject e-mail messages with a spoofed MAIL FROM address. This bypasses an SPF protection mechanism because sendmail supports <LF>.<CR><LF> while other popular e-mail servers do not. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the use of a published exploitation technique to inject e-mail messages. The `MAIL FROM` address can be spoofed, allowing attackers to bypass security mechanisms. **Recommendations** For sendmail versions 8.14.7 through 8.17.2, update to version 8.18 or later, which includes 'o' in srv features to resolve the issue. At the moment, there is no other information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exim versions prior to 4.97.1 **Description** The issue allows SMTP smuggling in certain configurations, enabling remote attackers to inject e-mail messages with a spoofed MAIL FROM address. This can bypass an SPF protection mechanism due to Exim's support for `<LF>.<CR><LF>`, which some other popular e-mail servers do not support. The exploitation technique can be used to send hidden HTTP requests, effectively allowing attackers to circumvent security policies. Approximately 15,749,391 results are mainly distributed in the United States, Germany, and other countries. **Recommendations** For Exim versions prior to 4.97.1, update to version 4.97.1 or later to address the SMTP smuggling issue. As a temporary workaround, consider restricting the use of the `<LF>.<CR><LF>` sequence in Exim configurations to minimize the risk of exploitation. Avoid using configurations that allow SMTP smuggling until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Postfix versions 3.5.23 through 3.8.5 Postfix versions prior to 3.9 **Description** The issue is related to insufficient validation of line endings in the Postfix smtpd daemon, allowing remote attackers to bypass security restrictions and perform email spoofing attacks, such as SMTP Smuggling. This can be exploited by injecting email messages with a spoofed MAIL FROM address, bypassing SPF protection mechanisms. The vulnerability occurs because Postfix supports `<LF>.<CR><LF>` while other popular email servers do not. **Recommendations** For Postfix versions 3.5.23 through 3.8.4, consider configuring `smtpd data restrictions=reject unauth pipelining` and `smtpd discard ehlo keywords=chunking` to prevent SMTP smuggling. For Postfix versions 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9, consider setting `smtpd forbid bare newline=yes` to disallow `<LF>` without `<CR>`. As a temporary workaround, consider restricting access to the vulnerable smtpd daemon until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Xerox Altalink, Versalink, and WorkCentre products (affected versions not specified) **Description** The issue is related to a lack of measures to neutralize special elements used in an operating system command, allowing an attacker to execute arbitrary code in the device's operating system with root privileges by injecting a specially crafted command. This can be exploited remotely. The vulnerability has been reportedly exploited in real-world attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Connected Vehicle Systems Alliance (COVESA) dlt-daemon versions 2.18.8 and earlier **Description** An issue was discovered due to a faulty DLT file parser, allowing a crafted DLT file to crash the process. This is caused by missing validation checks, resulting in a heap-based buffer over-read of one byte. **Recommendations** For versions 2.18.8 and earlier, update to a version later than 2.18.8 to resolve the issue. As a temporary workaround, consider validating DLT files before processing them to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Connected Vehicle Systems Alliance (COVESA) dlt-daemon versions through 2.18.8 **Description** An issue was discovered due to a faulty DLT file parser, allowing a crafted DLT file to crash the process. This is caused by missing validation checks, resulting in a NULL pointer dereference. **Recommendations** For versions through 2.18.8, consider disabling the DLT file parser functionality until a patch is available to prevent potential crashes due to crafted DLT files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.