Postfix 3.2.8

CPE Details

Postfix 3.2.8
3.2.8
2019-09-27
10h57 +00:00
2019-09-27
10h57 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:postfix:postfix:3.2.8:*:*:*:*:*:*:*

Informations

Vendor

postfix

Product

postfix

Version

3.2.8

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-51764 2023-12-23 23h00 +00:00 Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports . but some other popular e-mail servers do not. To prevent attack variants (by always disallowing without ), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.
5.3
Medium