Project

General

Profile

Bug #6622

phpmailer: Remote Code Execution (CVE-2016-10033, CVE-2016-10045)

Added by Alicha CH over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Start date:
01/04/2017
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:
Security IDs:

Description

CVE-2016-10033:

The mailSend function in the isMail transport in PHPMailer before 5.2.18, when the Sender property is not set,
might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary
code via a \" (backslash double quote) in a crafted From address.

Fixed In Version:

phpmailer 5.2.18

Reference:

http://seclists.org/oss-sec/2016/q4/750

CVE-2016-10045:

The isMail transport in PHPMailer before 5.2.20, when the Sender property is not set, might allow remote attackers to pass extra parameters
to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and
internal escaping performed in the mail function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.

Fixed in Version:

phpmailer 5.2.20

Reference:

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html


Subtasks

Bug #6623: [3.5] phpmailer: Remote Code Execution (CVE-2016-10033, CVE-2016-10045)ClosedTimo Teräs

Bug #6624: [3.4] phpmailer: Remote Code Execution (CVE-2016-10033, CVE-2016-10045)ClosedTimo Teräs

Bug #6625: [3.3] phpmailer: Remote Code Execution (CVE-2016-10033, CVE-2016-10045)ClosedTimo Teräs

Bug #6626: [3.2] phpmailer: Remote Code Execution (CVE-2016-10033, CVE-2016-10045)ClosedTimo Teräs

History

#1 Updated by Alicha CH over 2 years ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Closed

Also available in: Atom PDF