PHPMailer < 5.2.20

myH2Oservers

A(n) (couple of) exploit(s) have been discovered in PHPMailer, which is used by many CMS/websites.

Initial report which is patched: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
New CVE since initial patch is still vulnerable: https://legalhackers.com/advisories...de-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
Explanation for dummies: https://www.wordfence.com/blog/2016/12/phpmailer-vulnerability/

I am not sure how vulnerable a DirectAdmin system is, as Sendmail is being linked to Exim. Are we safe?*
*Of course PHPMailer must be updated, but it will be the difference between calling all affected website owners or sending them an email and giving them a week to update.
 
According to the exploit description:
An attacker could pass the -X parameter of sendmail to write out a log file with arbitrary PHP code.

Exim command line docs:
-X <logfile>
This option is interpreted by Sendmail to cause debug information to be sent to the named file. It is ignored by Exim.

As far as I understand, this specific exploit (-X parameter) cannot be abused on servers with Exim.

However, other parameters can/may be abused so a patch for PHPMailer is probably still necessary.
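
For the hosting-side question raised in the thread (which customer sites still carry an old copy), a scan like the following lists PHPMailer 5.x copies below 5.2.20. This is an added example, not part of the thread or of PHPMailer itself; it assumes the 5.x layout (a `class.phpmailer.php` file declaring `$Version`), and the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list PHPMailer 5.x copies older than the fixed release.
FIXED_IN="5.2.20"   # threshold taken from the thread title

# Succeeds (exit 0) when dotted version $1 is strictly lower than $2.
# Fields are compared numerically, so 5.2.9 sorts below 5.2.20.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print the version declared in a class.phpmailer.php file, e.g. from
#   public $Version = '5.2.19';   (prints nothing if no declaration is found)
phpmailer_version() {
    grep -E '(public|var)[[:space:]]+\$Version[[:space:]]*=' "$1" |
        head -n 1 | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# Print "version<TAB>path" for every copy under $1 older than FIXED_IN.
scan_phpmailer() {
    find "$1" -type f -iname 'class.phpmailer.php' 2>/dev/null |
    while IFS= read -r f; do
        v=$(phpmailer_version "$f")
        [ -n "$v" ] || continue
        if version_lt "$v" "$FIXED_IN"; then
            printf '%s\t%s\n' "$v" "$f"
        fi
    done
}

# Build a constructed sample tree (two fake sites) for a dry run.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/site-a/lib" "$d/site-b/vendor"
    printf '%s\n' "<?php class PHPMailer { public \$Version = '5.2.9'; }" > "$d/site-a/lib/class.phpmailer.php"
    printf '%s\n' "<?php class PHPMailer { public \$Version = '5.2.21'; }" > "$d/site-b/vendor/class.phpmailer.php"
    printf '%s\n' "$d"
}

# Usage: sh scan.sh /home   (the path is an example; pass your own web root)
if [ "$#" -gt 0 ]; then scan_phpmailer "$1"; fi
```

Copies that were renamed or merged into another file will not be found by file name, so treat an empty result as "none found in the standard layout" rather than proof of absence.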
 