複数のSMTPプロトコル実装になりすましメールを送信される脆弱性「SMTP Smuggling」/深刻度は「MEDIUM」で「Postfix」、「Sendmail」、「Exim」に影響
In the course of a research project in collaboration with the SEC Consult Vulnerability Lab, Timo Longin (@timolongin) - known for his DNS protocol attacks - discovered a novel exploitation technique for yet another Internet protocol - SMTP (Simple Mail Transfer Protocol). Threat actors could abuse vulnerable SMTP servers worldwide to send malicious e-mails from arbitrary e-mail addresses, allowin
SMTP Smuggling
[An updated version of this text may be found at https://www.postfix.org/smtp-smuggling.html] Author: Wietse Venema Last update: January 22, 2024 Summary Days before a 10+ day holiday break and associated production change freeze, SEC Consult has published an email spoofing attack that involves a composition of email services with specific differences in the way they handle line endings other than
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
SMTP Smuggling - Spoofing E-Mails Worldwide