myH2Oservers
Verified User
A (couple of) exploit(s) have been discovered in PHPmailer, which is used by many CMS/websites.
Initial report which is patched: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
New CVE since initial patch is still vulnerable: https://legalhackers.com/advisories...de-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
Explaination for dummies: https://www.wordfence.com/blog/2016/12/phpmailer-vulnerability/
I am not sure how vulnerable a DirectAdmin system is, as Sendmail is being linked to Exim. Are we safe?*
*ofcourse PHPmailer must be updated, but it will be the difference in calling all affected website owners or sending them an email and give them a week to update.
Initial report which is patched: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
New CVE since initial patch is still vulnerable: https://legalhackers.com/advisories...de-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
Explaination for dummies: https://www.wordfence.com/blog/2016/12/phpmailer-vulnerability/
I am not sure how vulnerable a DirectAdmin system is, as Sendmail is being linked to Exim. Are we safe?*
*ofcourse PHPmailer must be updated, but it will be the difference in calling all affected website owners or sending them an email and give them a week to update.