Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2020-D67DF93AA6.NASL
HistoryJun 08, 2020 - 12:00 a.m.

Fedora 32 : php-phpmailer6 (2020-d67df93aa6)

2020-06-0800:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13

7.8 High

AI Score

Confidence

High

JSON

This is a security release, with some other minor changes. For full details, refer to the [advisory](https://github.com/PHPMailer/PHPMailer/security/advisories/ GHSA-f7hx-fqxw-rvvj).

  • SECURITY Fix insufficient output escaping bug in file attachment names.CVE-2020-13625. Reported by Elar Lang of Clarified Security.

  • Correct Armenian ISO language code from am to hy, add mapping for fallback

  • Use correct timeout property in debug output

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2020-d67df93aa6.
#

include('compat.inc');

if (description)
{
  script_id(137213);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/07");

  script_cve_id("CVE-2020-13625");
  script_xref(name:"FEDORA", value:"2020-d67df93aa6");

  script_name(english:"Fedora 32 : php-phpmailer6 (2020-d67df93aa6)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"This is a security release, with some other minor changes. For full
details, refer to the
[advisory](https://github.com/PHPMailer/PHPMailer/security/advisories/
GHSA-f7hx-fqxw-rvvj).

  - **SECURITY** Fix insufficient output escaping bug in
    file attachment names. **CVE-2020-13625**. Reported by
    Elar Lang of Clarified Security.

  - Correct Armenian ISO language code from am to hy, add
    mapping for fallback

  - Use correct timeout property in debug output

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-d67df93aa6");
  script_set_attribute(attribute:"solution", value:
"Update the affected php-phpmailer6 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13625");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-phpmailer6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:32");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^32([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 32", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC32", reference:"php-phpmailer6-6.1.6-2.fc32")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php-phpmailer6");
}
VendorProductVersionCPE
fedoraprojectfedoraphp-phpmailer6p-cpe:/a:fedoraproject:fedora:php-phpmailer6
fedoraprojectfedora32cpe:/o:fedoraproject:fedora:32

Related

cve 1
openvas 16
prion 1
nessus 9
osv 8
ubuntu 3
veracode 1
fedora 6
github 1
mageia 1
ubuntucve 1
debian 2
alpinelinux 1
debiancve 1
freebsd 1
suse 2
cve
cve
CVE-2020-13625
2020-06-08 17:15:00
openvas
openvas
Fedora: Security Advisory for php-phpmailer6 (FEDORA-2020-d67df93aa6)
2020-06-08 00:00:00
PHPMailer < 6.1.6 Output Escaping Vulnerability
2020-06-15 00:00:00
Fedora: Security Advisory for php-phpmailer6 (FEDORA-2020-6d2e1105f2)
2020-06-08 00:00:00
prion
prion
Double free
2020-06-08 17:15:00
nessus
nessus
Debian DLA-2306-1 : libphp-phpmailer security update
2020-08-03 00:00:00
Ubuntu 18.04 LTS : PHPMailer vulnerability (USN-4505-1)
2020-09-17 00:00:00
Fedora 32 : php-PHPMailer (2020-06e87e71fe)
2020-07-01 00:00:00
osv
osv
Insufficient output escaping of attachment names in PHPMailer
2020-05-27 16:37:02
CVE-2020-13625
2020-06-08 17:15:10
BIT-phpmailer-2020-13625
2024-03-06 11:02:00
ubuntu
ubuntu
PHPMailer vulnerability
2020-09-16 00:00:00
PHPMailer vulnerabilities
2023-03-15 00:00:00
PHPMailer vulnerability
2023-03-15 00:00:00
veracode
veracode
Access Control Bypass
2020-05-28 01:26:56
fedora
fedora
[SECURITY] Fedora 32 Update: php-phpmailer6-6.1.6-2.fc32
2020-06-07 19:49:11
[SECURITY] Fedora 31 Update: php-PHPMailer-5.2.28-2.fc31
2020-07-01 01:37:46
[SECURITY] Fedora 31 Update: php-phpmailer6-6.1.6-1.fc31
2020-06-07 19:47:31
github
github
Insufficient output escaping of attachment names in PHPMailer
2020-05-27 16:37:02
mageia
mageia
Updated php-phpmailer packages fix security vulnerability
2020-08-01 12:25:19
ubuntucve
ubuntucve
CVE-2020-13625
2020-06-08 00:00:00
debian
debian
[SECURITY] [DLA 2244-1] libphp-phpmailer security update
2020-06-11 14:27:34
[SECURITY] [DLA 2306-1] libphp-phpmailer security update
2020-08-02 04:39:28
alpinelinux
alpinelinux
CVE-2020-13625
2020-06-08 17:15:00
debiancve
debiancve
CVE-2020-13625
2020-06-08 17:15:00
freebsd
freebsd
Cacti -- multiple vulnerabilities
2020-07-15 00:00:00
suse
suse
Security update for cacti, cacti-spine (moderate)
2020-07-25 00:00:00
Security update for cacti, cacti-spine (moderate)
2020-07-28 00:00:00

7.8 High

AI Score

Confidence

High

JSON
Related for FEDORA_2020-D67DF93AA6.NASL
cve1openvas16prion1nessus9osv8ubuntu3veracode1fedora6github1mageia1ubuntucve1debian2alpinelinux1debiancve1freebsd1suse2