Bug 56988 - SMTP Smuggling through Postfix
Summary: SMTP Smuggling through Postfix
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Mail
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.4-9-errata
Assignee: Alexander Steffen
QA Contact: Tobias Wenzel
URL: https://git.knut.univention.de/univen...
Keywords:
Depends on: 56957
Blocks:
Reported: 2024-01-16 15:54 CET by Tobias Wenzel
Modified: 2024-01-17 13:48 CET (History)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)


Description Tobias Wenzel univentionstaff 2024-01-16 15:54:06 CET
+++ This bug was initially created as a clone of Bug #56957 +++

Our Postfix version is affected by CVE-2023-51764: https://security-tracker.debian.org/tracker/CVE-2023-51764

In the current configuration it is possible to spoof MAIL FROM (and bypass SPF) by injecting a mail into another: https://www.postfix.org/smtp-smuggling.html

If I read that right, there is a fix available, so we should patch our Postfix versions in UCS 5 and possibly 4.4 and release it.
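As an added illustration, not part of the bug report and not UCS or Postfix code, the following Python model shows the mechanism the description refers to: a sending relay forwards one DATA block, and whether the receiving server honours a non-standard end-of-data sequence (here <LF>.<CR><LF>) decides if it sees one message or two, the second carrying an envelope sender that never went through the relay's SPF check. The SMTP bytes are constructed; the strict branch models what the linked Postfix page describes as the fixed behaviour (smtpd_forbid_bare_newline = yes), and its reply text is modelled on Postfix's wording.

```python
import re

# Constructed sample, not captured traffic: the bytes a relaying server sends
# after the receiving server has answered DATA with "354". The envelope at
# this point is MAIL FROM:<alice@example.org>. The "\n.\r\n" in the middle is
# a bare-LF end-of-data sequence; a conforming sender only ever emits
# "\r\n.\r\n", so whether the receiver honours it decides the outcome.
SMUGGLED_DATA = (
    b"From: alice@example.org\r\n"
    b"To: bob@example.net\r\n"
    b"Subject: legitimate message\r\n"
    b"\r\n"
    b"Hello Bob\r\n"
    b"\n.\r\n"                                # smuggled end-of-data: <LF>.<CR><LF>
    b"MAIL FROM:<ceo@example.org>\r\n"        # second envelope, never seen by
    b"RCPT TO:<bob@example.net>\r\n"          # the relay's SPF / sender checks
    b"DATA\r\n"
    b"From: ceo@example.org\r\n"
    b"To: bob@example.net\r\n"
    b"Subject: urgent wire transfer\r\n"
    b"\r\n"
    b"Please pay the attached invoice.\r\n"
    b".\r\n"                                  # genuine end-of-data: <CR><LF>.<CR><LF>
)

STRICT_EOD = b"\r\n.\r\n"
# End-of-data variants a lenient receiver additionally accepts (the pre-fix
# behaviour that makes smuggling possible).
LENIENT_EOD = [STRICT_EOD, b"\n.\r\n", b"\r\n.\n", b"\n.\n"]


class BareNewlineRejected(Exception):
    """Raised when a strict receiver sees a bare <LF> inside DATA."""


def split_end_of_data(stream: bytes, lenient: bool):
    """Split `stream` at the first accepted end-of-data sequence.

    Returns (message, rest), or (None, stream) if no terminator is present.
    """
    candidates = LENIENT_EOD if lenient else [STRICT_EOD]
    hits = [(stream.find(seq), seq) for seq in candidates]
    hits = [(pos, seq) for pos, seq in hits if pos >= 0]
    if not hits:
        return None, stream
    pos, seq = min(hits)
    return stream[:pos], stream[pos + len(seq):]


# Commands the receiver would execute if it re-enters command mode mid-stream.
NEXT_ENVELOPE = re.compile(rb"MAIL FROM:<([^>]*)>\r\n(?:RCPT TO:<[^>]*>\r\n)+DATA\r\n")


def receive_data(mail_from: str, stream: bytes, lenient: bool) -> list:
    """Model the receiving server's DATA phase.

    lenient=True  : any CRLF/LF mix terminates DATA (vulnerable behaviour).
    lenient=False : only <CR><LF>.<CR><LF> terminates DATA and a bare <LF>
                    anywhere in the message is rejected, which is what
                    Postfix does with smtpd_forbid_bare_newline = yes.
    Returns the messages the receiver would accept, each with the envelope
    sender it would attribute to it.
    """
    if not lenient and b"\n" in stream.replace(b"\r\n", b""):
        raise BareNewlineRejected("Bare <LF> received. UNIX newlines not allowed.")
    accepted = []
    rest = stream
    while True:
        message, rest = split_end_of_data(rest, lenient)
        if message is None:
            break                                  # DATA still open, nothing accepted
        accepted.append({"mail_from": mail_from, "data": message})
        env = NEXT_ENVELOPE.match(rest)            # leftover bytes parsed as commands
        if not env:
            break
        mail_from = env.group(1).decode()
        rest = rest[env.end():]
    return accepted


if __name__ == "__main__":
    for msg in receive_data("alice@example.org", SMUGGLED_DATA, lenient=True):
        print("lenient receiver accepts MAIL FROM:", msg["mail_from"])
    try:
        receive_data("alice@example.org", SMUGGLED_DATA, lenient=False)
    except BareNewlineRejected as err:
        print("strict receiver rejects DATA:", err)
```

Run as a script, the lenient receiver accepts two messages, the second attributed to ceo@example.org although the relay only ever validated alice@example.org, while the strict receiver rejects the whole DATA block. On the Postfix side the strict branch corresponds to setting smtpd_forbid_bare_newline = yes in the patched releases; hosts that legitimately send bare <LF> have to be listed in smtpd_forbid_bare_newline_exclusions (default: $mynetworks) or their mail is rejected too.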
Comment 1 Tobias Wenzel univentionstaff 2024-01-16 16:02:49 CET
QA:

- code changes OK
- changelog OK
- advisory OK
- manual OK

-> waiting for jenkins to set verified.
Comment 2 Tobias Wenzel univentionstaff 2024-01-17 09:15:01 CET
Package was built with

Package: univention-mail-postfix
Version: 13.0.5-2
Branch: ucs_4.4-0
Scope: errata4.4-9

-> jenkins jobs look good