PT-2023-8127 · Postfix+8

Timo Longin · Published 2023-12-18 · Updated 2025-03-17

CVE-2023-51764 · CVSS v3.1 5.3 (Medium) · Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Postfix, all releases up to and including 3.8.4 (and the corresponding older release lines). The smtpd_forbid_bare_newline parameter that fixes the issue first appeared in 3.5.23, 3.6.13, 3.7.9 and 3.8.4, but it is not enabled by default in any release line prior to 3.9, so those versions remain exposed unless it is set explicitly.
Description: The issue is caused by insufficient validation of line endings in the Postfix smtpd daemon, which allows remote attackers to bypass security restrictions and spoof email using the SMTP Smuggling technique. The RFC 5321 end-of-data sequence is <CR><LF>.<CR><LF>, but Postfix also accepted a bare <LF> as a line terminator, so the sequence <LF>.<CR><LF> ended the DATA phase; some other popular mail servers accept nothing but the standard sequence. An attacker who can send mail through such a server embeds <LF>.<CR><LF>, followed by further SMTP commands (MAIL FROM, RCPT TO, DATA and a second message), inside the body of an otherwise ordinary message. The sending server does not recognise the sequence as end-of-data and forwards the bytes unchanged; the receiving Postfix does, and parses the remainder of the body as a new, smuggled message. Because the smuggled envelope arrives over the same TCP connection from the legitimate sending server's IP address, a spoofed MAIL FROM in that server's domain passes SPF.
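The end-of-data mismatch described above, as an added example that is not part of the advisory and not Postfix's own code: a miniature SMTP receiver fed the same byte stream under three end-of-data policies modelled loosely on smtpd_forbid_bare_newline ("no" for the pre-fix behaviour, "normalize" for a strict <CR><LF>.<CR><LF> terminator, "reject" for strict terminator plus refusal of messages containing a bare <LF>). The session bytes, the policy names and the result format are constructed for this example and are simplifications of what Postfix does internally.

```python
"""
Added example (not code from the advisory, and not Postfix's own code): a
miniature SMTP receiver that shows how the same bytes are split into
messages under three end-of-data policies modelled loosely on
smtpd_forbid_bare_newline:

  "no"        pre-fix behaviour: a line ends at <LF>, with or without <CR>,
              so <LF>.<CR><LF> terminates DATA
  "normalize" end-of-data must be exactly <CR><LF>.<CR><LF>; any other
              "." line is message content
  "reject"    same strict end-of-data, and a message that contained a bare
              <LF> is refused

The session bytes and the dict format of the result are constructed for this
example and are simplifications, not Postfix internals.
"""


def read_lines(data: bytes) -> list[tuple[bytes, bytes]]:
    """Split raw input into (line, terminator) pairs.  The terminator is
    b"\\r\\n" for a standard line and b"\\n" for a bare newline.  Trailing
    bytes with no terminator are an incomplete line and are dropped."""
    out, start = [], 0
    while True:
        i = data.find(b"\n", start)
        if i < 0:
            return out
        if i > start and data[i - 1] == 0x0D:            # <CR><LF>
            out.append((data[start:i - 1], b"\r\n"))
        else:                                            # bare <LF>
            out.append((data[start:i], b"\n"))
        start = i + 1


def receive(session: bytes, policy: str) -> list[dict]:
    """Server side of a session that starts right after EHLO.  Returns one
    dict per message the receiver would queue: envelope, body, accepted."""
    assert policy in ("no", "normalize", "reject")
    messages, env, body = [], {}, []
    in_data, saw_bare_lf, prev_term = False, False, b"\r\n"
    for line, term in read_lines(session):
        if in_data:
            strict_eod = term == b"\r\n" and prev_term == b"\r\n"
            if line == b"." and (policy == "no" or strict_eod):
                accepted = not (policy == "reject" and saw_bare_lf)
                messages.append({**env, "body": b"\r\n".join(body),
                                 "accepted": accepted})
                env, body, in_data, saw_bare_lf = {}, [], False, False
            else:
                saw_bare_lf = saw_bare_lf or term == b"\n"
                # Undo dot-stuffing ("..foo" -> ".foo"); a lone "." that is
                # not end-of-data is kept verbatim as content.
                body.append(line[1:] if len(line) > 1 and line[:1] == b"." else line)
        else:
            upper = line.upper()
            if upper.startswith(b"MAIL FROM:"):
                env = {"mail_from": line[10:].strip(), "rcpt_to": []}
            elif upper.startswith(b"RCPT TO:"):
                env.setdefault("rcpt_to", []).append(line[8:].strip())
            elif upper == b"DATA":
                in_data = True
        prev_term = term
    return messages


# Constructed session as delivered by the attacker's outbound relay.  The relay
# treats only <CR><LF> as a line ending, so it neither sees "<LF>." as
# end-of-data nor dot-stuffs it, and forwards the bytes unchanged.
SMUGGLING_SESSION = (
    b"MAIL FROM:<attacker@relay.example>\r\n"
    b"RCPT TO:<victim@target.example>\r\n"
    b"DATA\r\n"
    b"Subject: legitimate\r\n"
    b"\r\n"
    b"first body\r\n"
    b"\n.\r\n"                                   # <LF>.<CR><LF>
    b"MAIL FROM:<ceo@relay.example>\r\n"         # smuggled envelope, arrives from the relay's IP
    b"RCPT TO:<victim@target.example>\r\n"
    b"DATA\r\n"
    b"Subject: urgent wire transfer\r\n"
    b"\r\n"
    b"second body\r\n"
    b".\r\n"
)


def summarize(policy: str) -> list[tuple[bytes, bool]]:
    """(MAIL FROM, accepted) for each message the receiver queues."""
    return [(m["mail_from"], m["accepted"]) for m in receive(SMUGGLING_SESSION, policy)]


if __name__ == "__main__":
    for policy in ("no", "normalize", "reject"):
        print(policy, summarize(policy))
```

Under "no" the receiver queues two messages, the second with the spoofed envelope sender ceo@relay.example; under "normalize" the smuggled commands stay inside the body of the single legitimate message, and under "reject" that message is refused outright. A server that accepts only <CR><LF> as a line ending (the "other popular email servers" of the description) behaves like "normalize" with respect to where DATA ends.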
Recommendations: On Postfix 3.5.23, 3.6.13, 3.7.9, 3.8.4 and later releases, set smtpd_forbid_bare_newline = yes in main.cf so that smtpd no longer accepts <LF> without a preceding <CR>; this is the complete fix, and it must be set explicitly on every release line prior to 3.9 because only Postfix 3.9 ships with a protective default. On releases that predate this parameter (for example 3.8.3 and earlier), configure smtpd_data_restrictions = reject_unauth_pipelining and smtpd_discard_ehlo_keywords = chunking as a partial workaround: the first rejects the smuggled commands because they arrive before the server has answered the end-of-data, and the second disables the BDAT (CHUNKING) command, which the pipelining check did not cover in those releases. Setting smtpd_forbid_bare_newline on a release that does not support it has no effect (Postfix only logs an "unused parameter" warning), so check the installed version with postconf mail_version before relying on it. Run postfix reload after changing main.cf. As a temporary workaround, restrict access to the vulnerable smtpd daemon until a patched package is available.
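A configuration check that applies the recommendations above, as an added example that is not part of the advisory and not a Postfix tool: it reads a main.cf and a Postfix version string and classifies the configuration as fixed, partially mitigated by the workaround, or vulnerable. The version thresholds are the ones named above; the sample main.cf texts are constructed; the assumption that Postfix 3.9 defaults smtpd_forbid_bare_newline to "normalize" (and that "normalize" is a protective value) is labelled in the code.

```python
"""
Added example (not part of the advisory and not a Postfix tool): a small
audit that reads a main.cf and a Postfix version string and classifies the
configuration against CVE-2023-51764 using the recommendations above.
Version thresholds are the ones named there (3.5.23, 3.6.13, 3.7.9, 3.8.4 and
3.9); the sample main.cf texts are constructed.  Assumption labelled in the
comments: Postfix 3.9's default for smtpd_forbid_bare_newline is "normalize",
which is also accepted as a protective value.
"""
import re

# First release of each pre-3.9 line that understands smtpd_forbid_bare_newline.
FIRST_WITH_FORBID_BARE_NEWLINE = {
    (3, 5): (3, 5, 23),
    (3, 6): (3, 6, 13),
    (3, 7): (3, 7, 9),
    (3, 8): (3, 8, 4),
}


def parse_version(text: str) -> tuple[int, int, int]:
    """'3.8.4' -> (3, 8, 4); a missing patch level counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Postfix version: {text!r}")
    return tuple(int(x) for x in m.groups(default="0"))


def parse_main_cf(text: str) -> dict[str, str]:
    """Minimal main.cf reader: 'name = value' lines, '#' comments, and
    continuation lines that begin with whitespace (postconf(5) syntax)."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return params


def supports_forbid_bare_newline(version: tuple[int, int, int]) -> bool:
    if version[:2] >= (3, 9):
        return True
    first = FIRST_WITH_FORBID_BARE_NEWLINE.get(version[:2])
    return first is not None and version >= first


def assess(version_text: str, main_cf_text: str) -> str:
    """Return 'fixed', 'workaround' or 'vulnerable'."""
    version = parse_version(version_text)
    params = parse_main_cf(main_cf_text)

    def tokens(name: str) -> set[str]:
        # Postfix list values are separated by commas and/or whitespace.
        return {t.lower() for t in re.split(r"[,\s]+", params.get(name, "")) if t}

    if supports_forbid_bare_newline(version):
        # Assumption: default is "normalize" from 3.9 on, "no" before that.
        default = "normalize" if version[:2] >= (3, 9) else "no"
        value = params.get("smtpd_forbid_bare_newline", default).lower()
        if value in ("yes", "normalize"):
            return "fixed"
    # Older releases ignore smtpd_forbid_bare_newline entirely (Postfix only
    # logs an "unused parameter" warning), so only the partial workaround counts.
    if ("reject_unauth_pipelining" in tokens("smtpd_data_restrictions")
            and "chunking" in tokens("smtpd_discard_ehlo_keywords")):
        return "workaround"
    return "vulnerable"


# Constructed sample configurations.
BASE_MAIN_CF = """\
# constructed sample: typical pre-fix settings
smtpd_banner = $myhostname ESMTP
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination
"""
WORKAROUND_MAIN_CF = BASE_MAIN_CF + """\
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_discard_ehlo_keywords = chunking, silent-discard
"""
FIXED_MAIN_CF = BASE_MAIN_CF + "smtpd_forbid_bare_newline = yes\n"


if __name__ == "__main__":
    for ver, cfg, label in [("3.8.3", BASE_MAIN_CF, "base"),
                            ("3.8.3", WORKAROUND_MAIN_CF, "workaround"),
                            ("3.8.3", FIXED_MAIN_CF, "forbid_bare_newline on unsupported release"),
                            ("3.8.4", FIXED_MAIN_CF, "forbid_bare_newline on 3.8.4"),
                            ("3.9.0", BASE_MAIN_CF, "3.9 defaults")]:
        print(f"{ver:6} {label:45} {assess(ver, cfg)}")
```

The third sample is the case worth noticing: smtpd_forbid_bare_newline = yes in the main.cf of a 3.8.3 build is classified as vulnerable, because that release does not know the parameter. In practice feed the function the output of postconf mail_version and the live main.cf rather than the constructed samples.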

Exploit

Fix

Weakness Enumeration

UI Misrepresentation of Critical Information (CWE-451)

Insufficient Verification of Data Authenticity (CWE-345)

Related Identifiers

ALSA-2024:9243
ALT-PU-2024-7313
AZL-32296
AZL-35110
BDU:2024-00106
CVE-2023-51764
DLA-3725-1
ELSA-2024-9243
INFSA-2024_9243
MGASA-2024-0029
OPENSUSE-SU-2023_4981-1
OPENSUSE-SU-2024:13538-1
OPENSUSE-SU-2024_0012-1
RHSA-2024:9243
RLSA-2024:9243
ROSA-SA-2025-2591
SUSE-SU-2023:4981-1
SUSE-SU-2024:0012-1
SUSE-SU-2024:1149-1
USN-6591-1
USN-6591-2

Affected Products

ALT Linux
AlmaLinux
Linux Mint
Postfix
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu