Sysadmin PHPMailer

Jimmy · Dec 26, 2016

Interesting.

PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln

eva2000 · Dec 26, 2016

thanks for the heads up !

eva2000 · Dec 26, 2016

More at Santa Knows If Your Contact Form Uses PHPMailer < 5.2.18

Jimmy · Dec 26, 2016

I feel bad for all those Wordpress site owners who fail to update their software. That's going to be a mess.

eva2000 · Dec 26, 2016

There doesn't seem to be a Wordpress update out though ?

Jimmy · Dec 26, 2016

I was speaking about when WP does update the software.

I'm sure there are skids already starting to write bot scripts to exploit WP.

Matt · Dec 27, 2016

I've just had this email from Wordfence

Critical Vulnerability in PHPMailer. Affects WP Core. - Wordfence

eva2000 · Dec 27, 2016

thanks @Matt

PHPMailer is used by WordPress core to send email. You can find the code in the wp-includes/class-smtp.php core file.

Don’t Panic
NOTE: There is no known exploit publicly available for WordPress core or any WordPress theme or plugin at this time. The only exploit we have seen is where a researcher has built their own application and then exploited it, demonstrating the existence of this vulnerability in PHPMailer. (Details below)

Please don’t contact the WordPress core team, WordPress forum moderators or anyone else panicking that your WordPress site will be exploited. This research is currently ongoing and we are making you aware of this issue early for two reasons:

So that you can be ready to upgrade WordPress core and any other affected themes and plugins if you are a user, once a fix is released.

So that, if you are a developer who has used a vulnerable version of PHPMailer, you can start patching your code and get a release out to your customers.

Click to expand...

We have performed a brief analysis on the affected code in PHPMailer. To exploit this vulnerability, it appears that an attacker would need to be able to control the sender email address.

In the vulnerable version of PHPMailer, the sender email address is passed unescaped to a shell command. An attacker could include shell commands in the sender email that execute malicious code on a target machine or website.
Click to expand...

Jimmy · Dec 27, 2016

Don't Panic... today. Tomorrow will be a different story.

eva2000 · Dec 27, 2016

well wordpress folks are working on it #37210 (Update PHPMailer to 5.2.19) – WordPress Trac

Revenge · Dec 28, 2016

Exploiting PHPMailer (CVE-2016-10033) – Hackr

pamamolf · Dec 29, 2016

There is a new exploit out that bypasses the fix at 5.2.19 and works also for 5.2.20

CVE-2016-10045

SFLC · Dec 30, 2016

People are always up to no good on the internet

eva2000 · Dec 30, 2016

pamamolf said: ↑

There is a new exploit out that bypasses the fix at 5.2.19 and works also for 5.2.20

CVE-2016-10045
Click to expand...

info at

https://legalhackers.com/advisories...de-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html

About the CVE 2016 10033 and CVE 2016 10045 vulnerabilities · PHPMailer/PHPMailer Wiki · GitHub

III. INTRODUCTION
-------------------------

An independent research uncovered a critical vulnerability in PHPMailer that
could potentially be used by (unauthenticated) remote attackers to achieve
remote arbitrary code execution in the context of the web server user and
remotely compromise the target web application.

To exploit the vulnerability an attacker could target common website
components such as contact/feedback forms, registration forms, password
email resets and others that send out emails with the help of a vulnerable
version of the PHPMailer class.

The first patch of the vulnerability CVE-2016-10033 was incomplete.
This advisory demonstrates the bypass of the patch.
The bypass allows to carry out Remote Code Execution on all current
versions (including 5.2.19).

NOTE:
The vulnerability / patch bypass was responsibly reported to the vendor
in private on December 26th and a new CVE was issued by MITRE on the same day.
However a potential bypass was publicly discussed on the oss-sec list.
Holding the advisory further would serve no purpose which is what triggered
the earlier release of this advisory.
Click to expand...

eva2000 · Dec 30, 2016

For wordpress #37210 (Update PHPMailer to 5.2.21) – WordPress Trac

specifically #37210 (Update PHPMailer to 5.2.21) – WordPress Trac

Summary changed from Update PHPMailer to 5.2.19 to Update PHPMailer to 5.2.20

Further bug fix released in the last few hours, now at 5.2.20
Click to expand...

and #37210 (Update PHPMailer to 5.2.21) – WordPress Trac

In 39646:

Upgrade PHPMailer from 5.2.14 to 5.2.21.

The full list of changes is available here:
Comparing v5.2.14...v5.2.21 · PHPMailer/PHPMailer · GitHub

Props sebastian.pisula, MattyRob, sfpt, dd32, peterwilsoncc, voldemortensen.
Merges [39645] to the 4.7 branch.
Fixes #37210 for trunk.
Click to expand...

eva2000 · Dec 30, 2016

anyone curious with phpmailer 5.2.21 committed changes

History for class.phpmailer.php - PHPMailer/PHPMailer · GitHub

PHPMailer/class.phpmailer.php at 1d51856b76c06fc687fcd9180efa7a0bed0d761e · PHPMailer/PHPMailer · GitHub

and wordpress

Changeset 39645 – WordPress Trac

updated wp-include/class.phpmailer.php file rev = 39645 https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-phpmailer.php?rev=39645 or latest rev https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-phpmailer.php

eva2000 · Jan 7, 2017

Wordpress 4.7.1 RC notes
4.7.1 Release Candidate

4.7.1 Release Candidate
A Release Candidate for WordPress 4.7.1 is now available. This security and maintenance release fixes 62 issues reported against 4.7 and is scheduled for final release on Wednesday, January 11, 2017. Note this does not address a number of other issues, which are slated for a 4.7.2 release.

Thus far WordPress 4.7 has been downloaded over 9 million times since its release on December 6, 2016. Please help us by testing this release candidate to ensure 4.7.1 fixes the reported issues and doesn’t introduce any new ones. As always, the entire WordPress project is grateful to security reporters for practicing responsible disclosure.
Click to expand...

PHPMailer Update
Last month a security vulnerability (CVE 20016-10033) in the PHPMailer library was made public. WordPress uses this library as the basis for its email functionality. The Security Team has spent some time analysing this vulnerability, and how it applies to WordPress. This vulnerability does not appear to be directly exploitable in WordPress Core, or any major plugins in the plugin directory. The wp_mail() function, which WordPress Core and most plugins use for sending email, blocks this vulnerability from being exploited.
Click to expand...

Log in / Register

Forums

Want to subscribe to topics you're interested in?

Sysadmin PHPMailer

Jimmy Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

Matt Well-Known Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

Revenge Active Member

pamamolf Premium Member Premium Member

SFLC Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Want to subscribe to topics you're interested in?

Sysadmin PHPMailer

Jimmy Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

Matt Well-Known Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

Revenge Active Member

pamamolf Premium Member Premium Member

SFLC Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.