oss-sec mailing list archives
Re: CVE Request: PHPMailer Message Injection Vulnerability
From: cve-assign () mitre org
Date: Fri, 4 Dec 2015 23:34:29 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.14 This release contains an important security update. Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks.
Use CVE-2015-8476. Our understanding is that this is not the same as CVE-2012-0796, which is: https://git.moodle.org/gw?p=moodle.git;a=commit;h=62988bf0bbc73df655f51884aaf1f523928abff9 This is related to the same original codebase. The Moodle class.phpmailer.php file refers to Andy Prevost and Marcus Bointon, who are listed in the https://github.com/PHPMailer/PHPMailer/blob/master/README.md History section. However, 62988bf0bbc73df655f51884aaf1f523928abff9 is about the From and Sender headers. The change for PHPMailer 5.2.14 is: https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0 which mentions: Reject line breaks in addresses Reject line breaks in all commands and gives an attack string beginning with: \r\n RCPT TO:websec02 () d mbsd jp\r\n DATA \\\nSubject: spam This attack string suggests that "MAIL FROM" had already been sent. Thus, we think the "PHPMailer before 5.2.14" finding is a different vulnerability. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWYmkCAAoJEL54rhJi8gl5BrUQAJNkrgz/dEqZPZ2JLQ4z5ezr LXc82Js/NSxRSRuvSOAJPRT/M30fLjwpqRVdAo0Vi0Nqou1+UYCchPs5SydAIT3B yx9PVf973w1Q0Ee/3EaQZkCzeZQhCeNErTTKtnNuttW1LEqwo19ohcqZ0oTd0MyL /h1riUtP8L79/XDf13WPbOZDwei3OhLfvEog1fDsHFXUgzOFoK00cTbrHZSf3XkG a26hd8OkOPClYni8adl6mE20SrDJp02eJRgvqfQe9/JmHJDeNWDQ6q4Ok5XVWNUc 59bEOKq+VhaNru9+7M1rZWY2s48lra1cvKpGAvlWZgyCakpCg7kRS31JDHZuMzo3 9MGNrOyKFhLE1JWy8ug9YN/vG1eb8W19H7CA9Nz50aRagcIuyuerh+ljCMLfCdye /V65TyQck7JcRG1sgdg+fVSJhXqS/2Ri2FijHHVxA8dNcnp26J0F7uuwLMX9tPjP kU1/3Gum2noD/Zfh5Gv5HASjSRoCtQzmaPKJfNwZeb4Qv188Rfyi5722mARMo5G8 kSjaDEz2bsNA3D1LbcQBdilRe+KcyyC3zG1ocfBO345F06o5KvwJsWXu8Zv1Bmy4 BU6R1sjGU4ntIZDyPxMVL19wM4wFY69JXJoW50NR6iE7sPo+XW/nhqlVdL9vaWie q762sA15AGFoDFckU/Aq =ATt/ -----END PGP SIGNATURE-----
Current thread:
- CVE Request: PHPMailer Message Injection Vulnerability Gsunde Orangen (Dec 04)
- Re: CVE Request: PHPMailer Message Injection Vulnerability cve-assign (Dec 04)