all InfoSec news
VU#302671: SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
A vulnerability has been found in the way that SMTP servers and software handle the end-of-data sequences (essentially the end of a single email message) in mail messages. An attacker can use this inconsistency to craft an email message that can bypass SMTP security policies.
Description
SMTP protocol (refer RFC 5321 and 5322), is an Internet based protocol for e-mail transmission and exchange. The SMTP protocol is used by multiple servers to relay emails as the email is …
attacker bypass can data email emails end found mail message messages policies security security policies servers single smtp software spoof uncertainty vulnerability