[exim-dev] [Bug 3063] "SMTP Smuggling" attack

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Exim Bugzilla
Fecha:  
A: exim-dev
Temas antiguos: [exim-dev] [Bug 3063] New: Partially vulnerable to "SMTP Smuggling" if pipelining is enabled
Asunto: [exim-dev] [Bug 3063] "SMTP Smuggling" attack
https://bugs.exim.org/show_bug.cgi?id=3063

Simon Arlott <bugzilla.exim.simon@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|FIXED                       |---
             Status|RESOLVED                    |REOPENED


--- Comment #7 from Simon Arlott <bugzilla.exim.simon@???> ---
> Dec 2023: getting a site to send a body including an "LF . LF" sequence
> followed by SMTP commands is a possible "smtp smuggling" attack. If
> the first (header) line for the message has a proper CRLF then enforce
> that for the body: convert bare LF to a space.


This still doesn't comply with RFC5321 because it allows <LF>.<LF> to end the
message if the first header line ends with <LF>.

I expect that converting <LF> to a space is going to lead to further security
or interoperability problems because it will mean Exim will merge two lines in
a <CRLF>-based message if there's an <LF> in the middle of them, potentially
changing the meaning of the message by merging two or more header lines
together or merging the body with the headers.

Can't it just accept the message as-is, using dot duplication if the entire
line is "."?

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/