[exim-dev] [Bug 3063] "SMTP Smuggling" attack

Top Page
Delete this message
Reply to this message
Author: Exim Bugzilla
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 3063] New: Partially vulnerable to "SMTP Smuggling" if pipelining is enabled
Subject: [exim-dev] [Bug 3063] "SMTP Smuggling" attack
https://bugs.exim.org/show_bug.cgi?id=3063

--- Comment #13 from Simon Arlott <bugzilla.exim.simon@???> ---
(In reply to Simon Arlott from comment #7)
> > Dec 2023: getting a site to send a body including an "LF . LF" sequence
> > followed by SMTP commands is a possible "smtp smuggling" attack. If
> > the first (header) line for the message has a proper CRLF then enforce
> > that for the body: convert bare LF to a space.
>
> I expect that converting <LF> to a space is going to lead to further
> security or interoperability problems because it will mean Exim will merge
> two lines in a <CRLF>-based message if there's an <LF> in the middle of
> them, potentially changing the meaning of the message by merging two or more
> header lines together or merging the body with the headers.
>
> Can't it just accept the message as-is, using dot duplication if the entire
> line is "."?


Jeremy, you've still not explained why Exim is now changing message content
like this. Postfix and Sendmail don't do it.

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/