CVE-2023-51766 · Exim before 4.97.1

01 · The Real Story

This is a counterfeit postage stamp, not a crowbar through the data center door

CVE-2023-51766 is an SMTP smuggling flaw in Exim affecting all versions up to 4.97 inclusive and fixed in 4.97.1. Under a specific set of conditions—most importantly when the inbound Exim server advertises both PIPELINING and CHUNKING, the sender uses DATA rather than BDAT, and the upstream relay preserves a malformed line-ending sequence—an attacker can smuggle a second mail transaction inside the body of the first. The result is spoofed e-mail acceptance with SPF bypass characteristics, not host compromise.

The vendor's MEDIUM 5.3 is a bit generous in practice. CVSS sees 'unauthenticated network' and stops there; reality adds multiple compounding friction points: the target must be an exposed Exim MTA, the config must advertise both required SMTP extensions, the attacker needs a compatible upstream relay path, and the payoff is limited to message integrity/phishing amplification rather than code execution, privilege gain, or mailbox/database takeover.

"Internet-reachable, yes—but this is a narrow mail-flow spoofing bug, not a server-takeover event."

02 · The Attack Path

5 steps from start to impact.

STEP 01

Find an exposed Exim listener

The attacker locates a public SMTP service running Exim, usually on TCP/25 or submission ports, and fingerprints capabilities with a basic EHLO. Commodity tooling like swaks or the SMTP-Smuggling-Tools project is enough for capability probing.

Conditions required:

Internet-reachable Exim service
Banner or protocol fingerprinting allowed
SMTP listener accepts inbound sessions

Where this breaks in practice:

Many enterprises do not expose Exim directly to the Internet
Banner/version alone is insufficient; capability testing is required
Secure mail gateways or front-end relays may terminate SMTP before Exim

Detection/coverage: External scanners can usually identify Exim banners, but cannot reliably prove exploitability without checking runtime EHLO capabilities and mail-flow behavior.

STEP 02

Confirm the vulnerable protocol mix

The attacker must see the server advertise both PIPELINING and CHUNKING, because the documented exploit chain depends on that combination. They also need the transaction to land in the DATA path rather than BDAT, which narrows viable sender paths.

Conditions required:

PIPELINING enabled on incoming connections
CHUNKING enabled on incoming connections
Mail path uses DATA fallback instead of BDAT

Where this breaks in practice:

If either PIPELINING or CHUNKING is disabled, the documented smuggling path breaks
Some upstream MTAs prefer BDAT, which avoids the vulnerable DATA delimiter interpretation
Mail security appliances may normalize or reject malformed line endings

Detection/coverage: Version scanners miss this. A protocol-aware probe is required to read EHLO capabilities and validate the DATA path.

STEP 03

Use a compatible upstream relay to preserve the malformed sequence

The attacker sends mail through an outbound SMTP service or relay that does not sanitize the key malformed end-of-data sequence, such as the variants documented by SEC Consult. This is the hardest real-world prerequisite because exploitability depends on two implementations disagreeing about message boundaries.

Conditions required:

Access to an outbound relay/provider that preserves the smuggling sequence
Ability to craft raw SMTP content with malformed line endings
Receiving path does not normalize the payload first

Where this breaks in practice:

Most MTAs sanitize, encode, dot-stuff, or reject problematic sequences
Finding a sender/receiver pair that disagrees in the right way is non-trivial
Defender-operated relays often add content hygiene that kills the exploit

Detection/coverage: Hard to detect pre-delivery with host scanners; best coverage comes from mail-flow testing and SMTP telemetry at the gateway.

STEP 04

Inject a second SMTP transaction inside message data

Using tools such as swaks or SMTP-Smuggling-Tools, the attacker embeds MAIL FROM / RCPT TO commands after a crafted line-ending sequence. Vulnerable Exim interprets the first message as ended and parses the remaining bytes as a new SMTP command stream.

Conditions required:

Crafted payload reaches Exim unchanged
Exim interprets <LF>.<CR><LF>-style sequence as end-of-data in this path
Server continues processing subsequent bytes as SMTP commands

Where this breaks in practice:

Malformed SMTP content is noisy and may trip protocol anomaly logging
Receiving controls may quarantine or rewrite the resulting mail
Exploit success often requires repeated tuning for the specific sender/receiver pair

Detection/coverage: SMTP transaction logs and packet captures may show unexpected command desynchronization, but most vuln scanners do not test this safely.

STEP 05

Land a spoofed message that may pass SPF-alignment checks

If the chain works, Exim accepts a second message with a spoofed sender that appears to inherit trust from the upstream relay path. The practical outcome is phishing or message spoofing leverage, not code execution on the mail server.

Conditions required:

Target recipient accepts the smuggled message
Downstream anti-spoofing controls do not block on DMARC, DKIM, content, or reputation
Organization trusts SPF outcomes too heavily

Where this breaks in practice:

DMARC enforcement, content filtering, and user/reporting controls still reduce impact
This does not grant shell access, mailbox access, or domain admin rights
Blast radius is usually limited to affected inbound mail handling for that Exim deployment

Detection/coverage: Mail security products may catch the delivered phish, but infrastructure scanners generally stop at 'potentially affected version'.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No strong evidence of active exploitation found in authoritative sources reviewed; not listed in CISA KEV.
Proof-of-concept availability	Yes, practical tooling exists. SEC Consult published the technique and later pointed defenders to official testing tools on GitHub; the public SMTP-Smuggling-Tools repo makes validation straightforward.
EPSS	0.01642 (~1.6% probability over 30 days, per user-supplied intel), which is low and consistent with the narrow prerequisite chain.
KEV status	No KEV listing as of the sources reviewed.
CVSS vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N` — vendor scoring captures remote reachability but only low integrity impact; that matches the fact that this is a spoofing/validation-bypass issue, not host compromise.
Affected versions	Upstream Exim says all versions up to 4.97 inclusive are affected, but only in the documented `PIPELINING` + `CHUNKING` + `DATA` conditions.
Fixed versions	Upstream fixes are 4.97.1 and later. Major distros also shipped backports, including Debian buster `4.92-8+deb10u9`, bullseye `4.94.2-7+deb11u2`, bookworm `4.96-15+deb12u4`, and Ubuntu jammy `4.95-4ubuntu2.5`, focal `4.93-13ubuntu1.10`.
Scanning / exposure reality	Exim is widely deployed on Internet-facing SMTP, but raw exposure counts overstate risk here because banner/version scans cannot tell whether both required capabilities are advertised or whether the upstream mail path preserves the malformed sequence.
Disclosure	Publicly disclosed 2023-12-24; the underlying SMTP smuggling research was published by SEC Consult / Timo Longin in December 2023.
Detection quality	Most VM platforms will flag version-only. That is useful for inventory, but insufficient for exploitability because runtime SMTP extensions and actual mail-flow behavior decide whether this CVE is reachable.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to LOW (3.9/10)

The decisive factor is that exploitation requires a very specific mail path, not just an exposed Exim host: vulnerable inbound capabilities, a compatible upstream relay, and the DATA path all have to line up. Even when they do, the outcome is spoofed message acceptance rather than server takeover, which caps blast radius well below what most teams mean by an urgent internet-facing mail-server bug.

HIGH Technical exploit prerequisites and affected upstream versions

MEDIUM Real-world exposure rate of the exact `PIPELINING` + `CHUNKING` configuration

HIGH No current KEV / no authoritative active-exploitation signal in reviewed sources

Why this verdict

Downgraded for compound prerequisites: this is not 'send one packet, own the box.' The attacker needs an exposed Exim listener, both required SMTP extensions enabled, a DATA-based path, and an upstream relay that preserves the malformed delimiter.
Impact is bounded: successful exploitation yields spoofing / SPF-bypass style integrity impact, not RCE, credential theft from the host, mailbox dump, or privilege escalation on the MTA.
Detection and surrounding controls help: DMARC enforcement, secure mail gateways, anti-phish filtering, and protocol normalization frequently break or blunt the attack before it becomes a successful delivered phish.

Why not higher?

If this were a straight unauthenticated RCE on a public mail server, the exposure pattern alone would justify HIGH or CRITICAL. It is not. The protocol mismatch requirement means a large share of nominally affected hosts will never see a working exploit chain in real deployments.

Why not lower?

This is still an internet-reachable mail trust bug on a high-value control point, and a successful exploit can materially improve phishing success by landing spoofed messages that appear more trustworthy. If you run exposed Exim MX infrastructure, this is worth fixing; it just does not deserve emergency-server-compromise treatment.

05 · Compensating Control

What to do — in priority order.

Disable CHUNKING or PIPELINING on inbound Exim — This is the upstream-documented workaround and directly breaks the published smuggling chain. For a LOW verdict there is no mitigation SLA (treat as backlog hygiene), so do this in the next normal mail change window if you cannot patch promptly.
Enforce DMARC reject/quarantine where business-ready — This does not fix Exim, but it reduces the delivered value of spoofed messages by making downstream acceptance less dependent on SPF alone. For a LOW verdict there is no mitigation SLA (treat as backlog hygiene); schedule it as part of normal mail-auth hardening.
Test exposed MX hosts with protocol-aware validation — Run an EHLO capability check and a safe SMTP smuggling test against public-facing mail servers so you can separate noisy version findings from actually reachable exposure. For a LOW verdict there is no mitigation SLA (treat as backlog hygiene); complete this during the next exposure review cycle.
Prefer front-end normalization at the mail edge — If you run gateways or relays in front of Exim, make sure they normalize or reject malformed SMTP line endings before traffic reaches the backend MTA. For a LOW verdict there is no mitigation SLA (treat as backlog hygiene); handle in normal gateway policy maintenance.

What doesn't work

Version-only vulnerability scanning doesn't tell you whether the required PIPELINING and CHUNKING conditions exist or whether the sender path is usable.
EDR on the mail host is largely irrelevant because this CVE does not need post-exploit process execution on the server.
SPF alone is exactly the trust assumption this technique aims to sidestep; relying on SPF without strong DMARC posture does not meaningfully mitigate the delivered-mail risk.

06 · Verification

Crowdsourced verification payload.

Run this on the target Exim host or from an auditor workstation that can reach the server's SMTP port. Invoke it as bash verify-cve-2023-51766.sh 127.0.0.1 25 or bash verify-cve-2023-51766.sh mail.example.com 25; no root is required, but local package checks work best on the target host.

noisgate-verify.sh

BASHREAD-ONLYSAFE

#!/usr/bin/env bash
# verify-cve-2023-51766.sh
# Check likely exposure to CVE-2023-51766 (Exim SMTP smuggling)
# Exit codes: 0 PATCHED, 1 VULNERABLE, 2 UNKNOWN

set -u
HOST="${1:-127.0.0.1}"
PORT="${2:-25}"

say() { printf '%s\n' "$*"; }
ver_ge() { [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n1)" = "$2" ]; }

get_exim_version() {
  if command -v exim >/dev/null 2>&1; then
    exim -bV 2>/dev/null | awk '/^Exim version/ {print $3; exit}'
    return 0
  fi
  return 1
}

check_local_backport() {
  # Debian/Ubuntu package-based backport checks.
  if command -v dpkg-query >/dev/null 2>&1; then
    pkgver=$(dpkg-query -W -f='${Version}' exim4-base 2>/dev/null || true)
    if [ -n "$pkgver" ]; then
      case "$pkgver" in
        4.92-8+deb10u9*|4.92-8+deb10u1[0-9]*|4.92-8+deb10u[9-9]*) return 10 ;;
        4.94.2-7+deb11u[2-9]*|4.94.2-7+deb11u1[0-9]*) return 10 ;;
        4.96-15+deb12u[4-9]*|4.96-15+deb12u1[0-9]*) return 10 ;;
        4.95-4ubuntu2.5*|4.95-4ubuntu2.[6-9]*|4.95-4ubuntu2.1[0-9]*) return 10 ;;
        4.93-13ubuntu1.10*|4.93-13ubuntu1.1[1-9]*|4.93-13ubuntu1.[2-9][0-9]*) return 10 ;;
        4.90.1-1ubuntu1.10+esm3*|4.90.1-1ubuntu1.10+esm[4-9]*|4.90.1-1ubuntu1.1[1-9]*|4.90.1-1ubuntu1.[2-9][0-9]*) return 10 ;;
        4.86.2-2ubuntu2.6+esm6*|4.86.2-2ubuntu2.6+esm[7-9]*|4.86.2-2ubuntu2.[7-9]*|4.86.2-2ubuntu2.1[0-9]*) return 10 ;;
      esac
    fi
  fi
  return 11
}

smtp_ehlo_caps() {
  local host="$1" port="$2"
  if command -v nc >/dev/null 2>&1; then
    {
      printf 'EHLO verifier.example\r\nQUIT\r\n'
      sleep 1
    } | nc -w 5 "$host" "$port" 2>/dev/null
    return $?
  elif command -v timeout >/dev/null 2>&1; then
    timeout 5 bash -c "exec 3<>/dev/tcp/$host/$port; printf 'EHLO verifier.example\r\nQUIT\r\n' >&3; cat <&3" 2>/dev/null
    return $?
  fi
  return 99
}

LOCAL_EXIM_VER=""
if LOCAL_EXIM_VER=$(get_exim_version); then
  :
fi

if check_local_backport; rc=$?; [ "$rc" -eq 10 ]; then
  say "PATCHED: local package version is a known distro-fixed/backported Exim build"
  exit 0
fi

EHLO_OUT=$(smtp_ehlo_caps "$HOST" "$PORT" || true)
if [ -z "$EHLO_OUT" ]; then
  if [ -n "$LOCAL_EXIM_VER" ] && ver_ge "$LOCAL_EXIM_VER" "4.97.1"; then
    say "PATCHED: local Exim version $LOCAL_EXIM_VER is >= 4.97.1"
    exit 0
  fi
  say "UNKNOWN: could not retrieve SMTP capabilities from $HOST:$PORT"
  exit 2
fi

HAS_PIPELINING=0
HAS_CHUNKING=0
printf '%s\n' "$EHLO_OUT" | grep -qi 'PIPELINING' && HAS_PIPELINING=1
printf '%s\n' "$EHLO_OUT" | grep -qi 'CHUNKING' && HAS_CHUNKING=1

if [ -n "$LOCAL_EXIM_VER" ] && ver_ge "$LOCAL_EXIM_VER" "4.97.1"; then
  say "PATCHED: local Exim version $LOCAL_EXIM_VER is >= 4.97.1"
  exit 0
fi

if [ -n "$LOCAL_EXIM_VER" ]; then
  if [ "$HAS_PIPELINING" -eq 1 ] && [ "$HAS_CHUNKING" -eq 1 ]; then
    say "VULNERABLE: Exim version $LOCAL_EXIM_VER appears < 4.97.1 and SMTP advertises both PIPELINING and CHUNKING"
    exit 1
  else
    say "UNKNOWN: Exim version $LOCAL_EXIM_VER appears < 4.97.1, but SMTP does not advertise both PIPELINING and CHUNKING; config may already mitigate this CVE"
    exit 2
  fi
fi

# No local version available; rely on capabilities only.
if [ "$HAS_PIPELINING" -eq 1 ] && [ "$HAS_CHUNKING" -eq 1 ]; then
  say "UNKNOWN: target advertises both PIPELINING and CHUNKING, but local Exim version/package data is unavailable"
  exit 2
fi

say "UNKNOWN: insufficient evidence to determine exposure conclusively"
exit 2

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning: inventory every public-facing Exim MX/submission host, then separate version-only findings from actually exposed configurations by checking whether EHLO advertises both PIPELINING and CHUNKING. For this LOW verdict there is no noisgate mitigation SLA — treat as backlog hygiene, so if you need a temporary hedge, disable one of those capabilities in the next normal mail change window; then apply the real vendor fix or distro backport in your regular MTA maintenance cycle, because the noisgate remediation SLA for LOW is no SLA (backlog hygiene) rather than an emergency patch event.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.