{"id": "DEBIAN:DLA-363-1:5F661", "bulletinFamily": "unix", "title": "[SECURITY] [DLA 363-1] libphp-phpmailer security update", "description": "Package : libphp-phpmailer\nVersion : 5.1-1+deb6u11\nCVE ID : CVE-2015-8476\nDebian Bug : 807265\n\nIt was discovered that there was a header injection vulnerability in\nlibphp-phpmailer, am email transfer library for PHP.\n\nFor Debian 6 Squeeze, this issue has been fixed in libphp-phpmailer\nversion 5.1-1+deb6u11.\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-\n\n\n", "published": "2015-12-08T18:35:19", "modified": "2015-12-08T18:35:19", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201512/msg00004.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2015-8476"], "type": "debian", "lastseen": "2020-08-12T01:02:26", "edition": 8, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-8476"]}, {"type": "openvas", "idList": ["OPENVAS:703416", "OPENVAS:1361412562310703416", "OPENVAS:1361412562310807263", "OPENVAS:1361412562310108467", "OPENVAS:1361412562310131162"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3416-1:9E6BC"]}, {"type": "nessus", "idList": ["FEDORA_2015-ABF9659276.NASL", "DEBIAN_DLA-363.NASL", "DEBIAN_DSA-3416.NASL", "FEDORA_2015-39522BB8C9.NASL"]}, {"type": "github", "idList": ["GHSA-738M-F33V-QC2R"]}, {"type": "fedora", "idList": ["FEDORA:D917C6030B0B", "FEDORA:613DF604E845"]}], "modified": "2020-08-12T01:02:26", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2020-08-12T01:02:26", "rev": 2}, "vulnersScore": 5.9}, "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "arch": "all", "operator": "lt", "packageFilename": "libphp-phpmailer_5.1-1+deb6u11_all.deb", "packageName": "libphp-phpmailer", "packageVersion": "5.1-1+deb6u11"}], "scheme": null}

{"cve": [{"lastseen": "2021-02-02T06:21:30", "description": "Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796.", "edition": 6, "cvss3": {}, "published": "2015-12-16T21:59:00", "title": "CVE-2015-8476", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8476"], "modified": "2016-12-06T03:03:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:phpmailer_project:phpmailer:5.2.13", "cpe:/o:debian:debian_linux:7.0"], "id": "CVE-2015-8476", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8476", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmailer_project:phpmailer:5.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2020-08-12T01:10:25", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8476"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3416-1 security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nDecember 13, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libphp-phpmailer\nCVE ID : CVE-2015-8476\nDebian Bug : 807265\n\nTakeshi Terada discovered a vulnerability in PHPMailer, a PHP library for\nemail transfer, used by many CMSs. The library accepted email addresses\nand SMTP commands containing line breaks, which can be abused by an\nattacker to inject messages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed in\nversion 5.1-1+deb6u11.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.9+dfsg-2+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.2.14+dfsg-1.\n\nWe recommend that you upgrade your libphp-phpmailer packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2015-12-13T19:12:06", "published": "2015-12-13T19:12:06", "id": "DEBIAN:DSA-3416-1:9E6BC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00321.html", "title": "[SECURITY] [DSA 3416-1] libphp-phpmailer security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:36:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "description": "Mageia Linux Local Security Checks mgasa-2015-0484", "modified": "2018-09-28T00:00:00", "published": "2015-12-28T00:00:00", "id": "OPENVAS:1361412562310131162", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131162", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0484", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0484.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131162\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-28 10:39:26 +0200 (Mon, 28 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0484\");\n script_tag(name:\"insight\", value:\"Updated php-phpmailer package fixes security vulnerability: Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack (CVE-2015-8476).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0484.html\");\n script_cve_id(\"CVE-2015-8476\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0484\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"php-phpmailer\", rpm:\"php-phpmailer~5.2.14~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:52:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "description": "Takeshi Terada discovered a vulnerability\nin PHPMailer, a PHP library for email transfer, used by many CMSs. The library\naccepted email addresses and SMTP commands containing line breaks, which can be\nabused by an attacker to inject messages.", "modified": "2017-07-07T00:00:00", "published": "2015-12-13T00:00:00", "id": "OPENVAS:703416", "href": "http://plugins.openvas.org/nasl.php?oid=703416", "type": "openvas", "title": "Debian Security Advisory DSA 3416-1 (libphp-phpmailer - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3416.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3416-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703416);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-8476\");\n script_name(\"Debian Security Advisory DSA 3416-1 (libphp-phpmailer - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-12-13 00:00:00 +0100 (Sun, 13 Dec 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3416.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libphp-phpmailer on Debian Linux\");\n script_tag(name: \"insight\", value: \"Many PHP developers utilize email in\ntheir code. The only PHP function that supports this is the mail() function.\nHowever, it does not expose any of the popular features that many email clients\nuse nowadays like HTML-based emails and attachments. There are two proprietary\ndevelopment tools out there that have all the functionality built into\neasy to use classes: AspEmail(tm) and AspMail. Both of these\nprograms are COM components only available on Windows.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution\n(wheezy), this problem has been fixed in version 5.1-1.1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.9+dfsg-2+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.2.14+dfsg-1.\n\nWe recommend that you upgrade your libphp-phpmailer packages.\");\n script_tag(name: \"summary\", value: \"Takeshi Terada discovered a vulnerability\nin PHPMailer, a PHP library for email transfer, used by many CMSs. The library\naccepted email addresses and SMTP commands containing line breaks, which can be\nabused by an attacker to inject messages.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libphp-phpmailer\", ver:\"5.1-1.1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp-phpmailer\", ver:\"5.2.9+dfsg-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:36:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "description": "Takeshi Terada discovered a vulnerability\nin PHPMailer, a PHP library for email transfer, used by many CMSs. The library\naccepted email addresses and SMTP commands containing line breaks, which can be\nabused by an attacker to inject messages.", "modified": "2019-03-18T00:00:00", "published": "2015-12-13T00:00:00", "id": "OPENVAS:1361412562310703416", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703416", "type": "openvas", "title": "Debian Security Advisory DSA 3416-1 (libphp-phpmailer - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3416.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3416-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703416\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-8476\");\n script_name(\"Debian Security Advisory DSA 3416-1 (libphp-phpmailer - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-13 00:00:00 +0100 (Sun, 13 Dec 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3416.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"libphp-phpmailer on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution\n(wheezy), this problem has been fixed in version 5.1-1.1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.9+dfsg-2+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.2.14+dfsg-1.\n\nWe recommend that you upgrade your libphp-phpmailer packages.\");\n script_tag(name:\"summary\", value:\"Takeshi Terada discovered a vulnerability\nin PHPMailer, a PHP library for email transfer, used by many CMSs. The library\naccepted email addresses and SMTP commands containing line breaks, which can be\nabused by an attacker to inject messages.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libphp-phpmailer\", ver:\"5.1-1.1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libphp-phpmailer\", ver:\"5.2.9+dfsg-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-02-12T00:00:00", "id": "OPENVAS:1361412562310807263", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807263", "type": "openvas", "title": "Fedora Update for php-PHPMailer FEDORA-2015-39522", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-PHPMailer FEDORA-2015-39522\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807263\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-12 06:14:58 +0100 (Fri, 12 Feb 2016)\");\n script_cve_id(\"CVE-2015-8476\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php-PHPMailer FEDORA-2015-39522\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-PHPMailer'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php-PHPMailer on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-39522\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177139.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-PHPMailer\", rpm:\"php-PHPMailer~5.2.14~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:33:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "description": "This host is running PHPMailer and is prone\n to a SMTP CRLF injection vulnerability.", "modified": "2019-03-13T00:00:00", "published": "2018-09-25T00:00:00", "id": "OPENVAS:1361412562310108467", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108467", "type": "openvas", "title": "PHPMailer < 5.2.14 SMTP CRLF Injection Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmailer_smtp_crlf_inj.nasl 14156 2019-03-13 14:38:13Z cfischer $\n#\n# PHPMailer < 5.2.14 SMTP CRLF Injection Vulnerability\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmailer_project:phpmailer\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108467\");\n script_version(\"$Revision: 14156 $\");\n script_cve_id(\"CVE-2015-8476\");\n script_bugtraq_id(78619);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 15:38:13 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-25 09:59:32 +0200 (Tue, 25 Sep 2018)\");\n script_name(\"PHPMailer < 5.2.14 SMTP CRLF Injection Vulnerability\");\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_phpmailer_detect.nasl\");\n script_mandatory_keys(\"phpmailer/detected\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/78619\");\n script_xref(name:\"URL\", value:\"https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md\");\n\n script_tag(name:\"summary\", value:\"This host is running PHPMailer and is prone\n to a SMTP CRLF injection vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists because PHPMailer allows to inject arbitrary SMTP\n commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php\n or (2) SMTP command to the sendCommand function in class.smtp.php.\");\n\n script_tag(name:\"impact\", value:\"Attackers can exploit this issue to send arbitrary messages.\");\n\n script_tag(name:\"affected\", value:\"PHPMailer versions before 5.2.14 are vulnerable.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHPMailer 5.2.14 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) ) exit( 0 );\nversion = infos['version'];\nlocation = infos['location'];\n\nif( version_is_less( version:version, test_version:\"5.2.14\" ) ) {\n report = report_fixed_ver( installed_version:version, fixed_version:\"5.2.14\", install_url:location );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8476"], "description": "Full Featured Email Transfer Class for PHP. PHPMailer features: * Supports emails digitally signed with S/MIME encryption! * Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs * Works on any platform. * Supports Text & HTML emails. * Embedded image support. * Multipart/alternative emails for mail clients that do not read HTML email. * Flexible debugging. * Custom mail headers. * Redundant SMTP servers. * Support for 8bit, base64, binary, and quoted-printable encoding. * Word wrap. * Multiple fs, string, and binary attachments (those from database, string, etc). * SMTP authentication. * Tested on multiple SMTP servers: Sendmail, qmail, Postfix, Gmail, Imail, Exchange, etc. * Good documentation, many examples included in download. * It's swift, small, and simple. ", "modified": "2016-02-11T13:24:07", "published": "2016-02-11T13:24:07", "id": "FEDORA:D917C6030B0B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: php-PHPMailer-5.2.14-1.fc23", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8476"], "description": "Full Featured Email Transfer Class for PHP. PHPMailer features: * Supports emails digitally signed with S/MIME encryption! * Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs * Works on any platform. * Supports Text & HTML emails. * Embedded image support. * Multipart/alternative emails for mail clients that do not read HTML email. * Flexible debugging. * Custom mail headers. * Redundant SMTP servers. * Support for 8bit, base64, binary, and quoted-printable encoding. * Word wrap. * Multiple fs, string, and binary attachments (those from database, string, etc). * SMTP authentication. * Tested on multiple SMTP servers: Sendmail, qmail, Postfix, Gmail, Imail, Exchange, etc. * Good documentation, many examples included in download. * It's swift, small, and simple. ", "modified": "2016-02-11T13:49:45", "published": "2016-02-11T13:49:45", "id": "FEDORA:613DF604E845", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: php-PHPMailer-5.2.14-1.fc22", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-12T09:43:42", "description": "It was discovered that there was a header injection vulnerability in\nlibphp-phpmailer, am email transfer library for PHP.\n\nFor Debian 6 Squeeze, this issue has been fixed in libphp-phpmailer\nversion 5.1-1+deb6u11.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 14, "published": "2015-12-09T00:00:00", "title": "Debian DLA-363-1 : libphp-phpmailer security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "modified": "2015-12-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libphp-phpmailer"], "id": "DEBIAN_DLA-363.NASL", "href": "https://www.tenable.com/plugins/nessus/87268", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-363-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87268);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8476\");\n\n script_name(english:\"Debian DLA-363-1 : libphp-phpmailer security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a header injection vulnerability in\nlibphp-phpmailer, am email transfer library for PHP.\n\nFor Debian 6 Squeeze, this issue has been fixed in libphp-phpmailer\nversion 5.1-1+deb6u11.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/12/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/libphp-phpmailer\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected libphp-phpmailer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp-phpmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libphp-phpmailer\", reference:\"5.1-1+deb6u11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T09:49:20", "description": "Takeshi Terada discovered a vulnerability in PHPMailer, a PHP library\nfor email transfer, used by many CMSs. The library accepted email\naddresses and SMTP commands containing line breaks, which can be\nabused by an attacker to inject messages.", "edition": 22, "published": "2015-12-14T00:00:00", "title": "Debian DSA-3416-1 : libphp-phpmailer - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "modified": "2015-12-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:libphp-phpmailer", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3416.NASL", "href": "https://www.tenable.com/plugins/nessus/87331", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3416. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87331);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8476\");\n script_xref(name:\"DSA\", value:\"3416\");\n\n script_name(english:\"Debian DSA-3416-1 : libphp-phpmailer - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Takeshi Terada discovered a vulnerability in PHPMailer, a PHP library\nfor email transfer, used by many CMSs. The library accepted email\naddresses and SMTP commands containing line breaks, which can be\nabused by an attacker to inject messages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libphp-phpmailer\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libphp-phpmailer\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3416\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libphp-phpmailer packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 5.1-1.1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.9+dfsg-2+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp-phpmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libphp-phpmailer\", reference:\"5.1-1.1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libphp-phpmailer\", reference:\"5.2.9+dfsg-2+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:13:31", "description": "New upstream release: fixes CVE-2015-8476.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2016-03-04T00:00:00", "title": "Fedora 22 : php-PHPMailer-5.2.14-1.fc22 (2015-39522bb8c9)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "modified": "2016-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-PHPMailer", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-39522BB8C9.NASL", "href": "https://www.tenable.com/plugins/nessus/89214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-39522bb8c9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89214);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8476\");\n script_xref(name:\"FEDORA\", value:\"2015-39522bb8c9\");\n\n script_name(english:\"Fedora 22 : php-PHPMailer-5.2.14-1.fc22 (2015-39522bb8c9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream release: fixes CVE-2015-8476.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1289094\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177139.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?873eedb3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-PHPMailer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-PHPMailer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"php-PHPMailer-5.2.14-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-PHPMailer\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:13:53", "description": "New upstream release: fixes CVE-2015-8476.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2016-03-04T00:00:00", "title": "Fedora 23 : php-PHPMailer-5.2.14-1.fc23 (2015-abf9659276)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8476"], "modified": "2016-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-PHPMailer", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2015-ABF9659276.NASL", "href": "https://www.tenable.com/plugins/nessus/89363", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-abf9659276.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89363);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8476\");\n script_xref(name:\"FEDORA\", value:\"2015-abf9659276\");\n\n script_name(english:\"Fedora 23 : php-PHPMailer-5.2.14-1.fc23 (2015-abf9659276)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream release: fixes CVE-2015-8476.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1289094\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177130.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?087ee704\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-PHPMailer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-PHPMailer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"php-PHPMailer-5.2.14-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-PHPMailer\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "github": [{"lastseen": "2020-04-06T23:39:16", "bulletinFamily": "software", "cvelist": ["CVE-2015-8476"], "description": "### Impact\nAttackers could inject arbitrary SMTP commands via by exploiting the fact that valid email addresses may contain line breaks, which are not handled correctly in some contexts.\n\n### Patches\nFixed in 5.2.14 in [this commit](https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0).\n\n### Workarounds\nManually strip line breaks from email addresses before passing them to PHPMailer.\n\n### References\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8476\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer)", "edition": 3, "modified": "2020-03-05T22:09:19", "published": "2020-03-05T22:09:19", "id": "GHSA-738M-F33V-QC2R", "href": "https://github.com/advisories/GHSA-738m-f33v-qc2r", "title": "SMTP Injection in PHPMailer", "type": "github", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}]}