NGINX Open Source and NGINX Plus ngx_mail_smtp_module Memory Over-Read Vulnerability

Vulnerability

A vulnerability exists in the ngx_mail_smtp_module of NGINX Open Source and NGINX Plus, allowing an unauthenticated attacker to over-read memory related to the SMTP authentication process. This could lead to the unintentional leakage of arbitrary bytes from requests sent to the authentication server. The vulnerability arises only if the module is included, the 'smtp_auth' directive is set to 'none', and the authentication server responds with the 'Auth-Wait' header.

Impact

Exploitation of this vulnerability could result in a memory over-read, allowing leakage of sensitive data from the NGINX SMTP authentication process.

Remediation

To address this vulnerability, remove the 'none' method from the 'smtp_auth' directive in the NGINX configuration and replace it with an authentication method suitable for your environment. After making the change, test the configuration for errors and reload NGINX. If you use NGINX Plus, update to a version that includes the fix.
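To locate the affected setting before editing, the following added example (not part of the original advisory or of NGINX itself) scans configuration text for 'smtp_auth' directives that list 'none'. The sample configuration, the auth endpoint and the function names are constructed for illustration; the check does not follow 'include' files and cannot tell whether the authentication server returns 'Auth-Wait'.

```python
import re

# Constructed sample configuration for illustration (not from the advisory).
SAMPLE_CONF = """
mail {
    auth_http 127.0.0.1:9000/auth;   # hypothetical auth endpoint
    server {
        listen 25;
        protocol smtp;
        smtp_auth login plain
                  none;              # directive split across two lines
    }
    server {
        listen 587;
        protocol smtp;
        smtp_auth login plain;
    }
    # smtp_auth none;  (commented out, must not be flagged)
}
"""

# Comments, quoted strings, structural characters, bare words.
TOKEN = re.compile(r'''#[^\n]*|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[;{}]|[^\s;{}"']+''')

def tokenize(text):
    """Yield (token, line_number), skipping '#' comments."""
    for m in TOKEN.finditer(text):
        if not m.group(0).startswith("#"):
            yield m.group(0), text.count("\n", 0, m.start()) + 1

def find_smtp_auth_none(text):
    """Return [(line, methods)] for each smtp_auth directive listing 'none'."""
    findings, args, start, prev = [], None, 0, ";"
    for tok, line in tokenize(text):
        if args is not None:
            if tok == ";":                      # end of the directive
                if "none" in args:
                    findings.append((start, args))
                args = None
            else:                               # unquote, fold case defensively
                args.append(tok.strip("\"'").lower())
        elif tok == "smtp_auth" and prev in (";", "{", "}"):
            args, start = [], line              # directive name at statement start
        prev = tok
    return findings

if __name__ == "__main__":
    for line, methods in find_smtp_auth_none(SAMPLE_CONF):
        print(f"line {line}: smtp_auth {' '.join(methods)}  <- remove 'none'")
```

Feeding the function the output of `nginx -T`, which dumps the full configuration with included files expanded, covers settings spread across several files.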

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 9.4
impact: 0.6
exploitability: 6.4
remediation: 7.9
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.