Vulnerabilities > CVE-2018-19296
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
Vulnerable Configurations
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B036FABAEDD811E8B3B700E04C1EA73D.NASL description SO-AND-SO reports : CVE-2018-19296:Fix potential object injection vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 119109 published 2018-11-23 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119109 title FreeBSD : phpmailer -- Multiple vulnerability (b036faba-edd8-11e8-b3b7-00e04c1ea73d) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(119109); script_version("1.3"); script_cvs_date("Date: 2018/12/19 13:21:19"); script_cve_id("CVE-2018-19296"); script_name(english:"FreeBSD : phpmailer -- Multiple vulnerability (b036faba-edd8-11e8-b3b7-00e04c1ea73d)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "SO-AND-SO reports : CVE-2018-19296:Fix potential object injection vulnerability." ); script_set_attribute( attribute:"see_also", value:"https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27" ); script_set_attribute( attribute:"see_also", value:"https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6" ); # https://vuxml.freebsd.org/freebsd/b036faba-edd8-11e8-b3b7-00e04c1ea73d.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f4b099a5" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:phpmailer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:phpmailer6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/16"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"phpmailer<5.2.27")) flag++; if (pkg_test(save_report:TRUE, pkg:"phpmailer6<6.0.6")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2018-46B92C9064.NASL description **Version 6.0.6** - **SECURITY** Fix potential object injection vulnerability. **CVE-2018-19296**. Reported by Sehun Oh of cyberone.kr. - Added Tagalog translation, thanks to StoneArtz - Added Malagache translation, thanks to Hackinet - Updated Serbian translation, fixed incorrect language code, thanks to mmilanovic4 - Updated Arabic translations (MicroDroid) - Updated Hungarian translations - Updated Dutch translations - Updated Slovenian translation (filips123) - Updated Slovak translation (pcmanik) - Updated Italian translation (sabas) - Updated Norwegian translation (aleskr) - Updated Indonesian translation (mylastof) - Add constants for common values, such as text/html and quoted-printable, and use them - Added support for copied headers in DKIM, helping with debugging, and an option to add extra headers to the DKIM signature. See DKIM_sign example for how to use them. Thanks to gwi-mmuths. - Add Campaign Monitor transaction ID pattern matcher - Remove deprecated constant and ini values causing warnings in PHP 7.3, added PHP 7.3 build to Travis config. - Expanded test coverage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-11-27 plugin id 119155 published 2018-11-27 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119155 title Fedora 27 : php-phpmailer6 (2018-46b92c9064) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-46b92c9064. # include("compat.inc"); if (description) { script_id(119155); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-19296"); script_xref(name:"FEDORA", value:"2018-46b92c9064"); script_name(english:"Fedora 27 : php-phpmailer6 (2018-46b92c9064)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "**Version 6.0.6** - **SECURITY** Fix potential object injection vulnerability. **CVE-2018-19296**. Reported by Sehun Oh of cyberone.kr. - Added Tagalog translation, thanks to StoneArtz - Added Malagache translation, thanks to Hackinet - Updated Serbian translation, fixed incorrect language code, thanks to mmilanovic4 - Updated Arabic translations (MicroDroid) - Updated Hungarian translations - Updated Dutch translations - Updated Slovenian translation (filips123) - Updated Slovak translation (pcmanik) - Updated Italian translation (sabas) - Updated Norwegian translation (aleskr) - Updated Indonesian translation (mylastof) - Add constants for common values, such as text/html and quoted-printable, and use them - Added support for copied headers in DKIM, helping with debugging, and an option to add extra headers to the DKIM signature. See DKIM_sign example for how to use them. Thanks to gwi-mmuths. - Add Campaign Monitor transaction ID pattern matcher - Remove deprecated constant and ini values causing warnings in PHP 7.3, added PHP 7.3 build to Travis config. - Expanded test coverage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-46b92c9064" ); script_set_attribute( attribute:"solution", value:"Update the affected php-phpmailer6 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-phpmailer6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/16"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC27", reference:"php-phpmailer6-6.0.6-1.fc27")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php-phpmailer6"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-0F5E6E9957.NASL description **Version 6.0.6** - **SECURITY** Fix potential object injection vulnerability. **CVE-2018-19296**. Reported by Sehun Oh of cyberone.kr. - Added Tagalog translation, thanks to StoneArtz - Added Malagache translation, thanks to Hackinet - Updated Serbian translation, fixed incorrect language code, thanks to mmilanovic4 - Updated Arabic translations (MicroDroid) - Updated Hungarian translations - Updated Dutch translations - Updated Slovenian translation (filips123) - Updated Slovak translation (pcmanik) - Updated Italian translation (sabas) - Updated Norwegian translation (aleskr) - Updated Indonesian translation (mylastof) - Add constants for common values, such as text/html and quoted-printable, and use them - Added support for copied headers in DKIM, helping with debugging, and an option to add extra headers to the DKIM signature. See DKIM_sign example for how to use them. Thanks to gwi-mmuths. - Add Campaign Monitor transaction ID pattern matcher - Remove deprecated constant and ini values causing warnings in PHP 7.3, added PHP 7.3 build to Travis config. - Expanded test coverage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120237 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120237 title Fedora 28 : php-phpmailer6 (2018-0f5e6e9957) NASL family Fedora Local Security Checks NASL id FEDORA_2018-DAEE493FEB.NASL description **Version 5.2.27** - SECURITY Fix potential object injection vulnerability. **CVE-2018-19296**. Reported by Sehun Oh of cyberone.kr. Note that the 5.2 branch is deprecated and will not receive security updates after 31st December 2018. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-11-27 plugin id 119159 published 2018-11-27 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119159 title Fedora 27 : php-PHPMailer (2018-daee493feb) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1591.NASL description A possible regression was found in the recent security update for libphp-phpmailer, announced as DLA 1591-1. During backporting a new variable have accidentally introduced to a conditional statement from a much later version. Thanks to Salvatore Bonaccorso (carnil) for reporting this. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 119119 published 2018-11-26 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119119 title Debian DLA-1591-2 : libphp-phpmailer regression update NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4351.NASL description It was discovered that PHPMailer, a library to send email from PHP applications, is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code. last seen 2020-05-15 modified 2018-12-10 plugin id 119508 published 2018-12-10 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119508 title Debian DSA-4351-1 : libphp-phpmailer - security update NASL family Fedora Local Security Checks NASL id FEDORA_2018-A2E9BD6EAE.NASL description **Version 5.2.27** - SECURITY Fix potential object injection vulnerability. **CVE-2018-19296**. Reported by Sehun Oh of cyberone.kr. Note that the 5.2 branch is deprecated and will not receive security updates after 31st December 2018. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120666 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120666 title Fedora 29 : php-PHPMailer (2018-a2e9bd6eae) NASL family Fedora Local Security Checks NASL id FEDORA_2018-F73869D61E.NASL description **Version 5.2.27** - SECURITY Fix potential object injection vulnerability. **CVE-2018-19296**. Reported by Sehun Oh of cyberone.kr. Note that the 5.2 branch is deprecated and will not receive security updates after 31st December 2018. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120921 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120921 title Fedora 28 : php-PHPMailer (2018-f73869d61e) NASL family Fedora Local Security Checks NASL id FEDORA_2018-18F3EFF32B.NASL description **Version 6.0.6** - **SECURITY** Fix potential object injection vulnerability. **CVE-2018-19296**. Reported by Sehun Oh of cyberone.kr. - Added Tagalog translation, thanks to StoneArtz - Added Malagache translation, thanks to Hackinet - Updated Serbian translation, fixed incorrect language code, thanks to mmilanovic4 - Updated Arabic translations (MicroDroid) - Updated Hungarian translations - Updated Dutch translations - Updated Slovenian translation (filips123) - Updated Slovak translation (pcmanik) - Updated Italian translation (sabas) - Updated Norwegian translation (aleskr) - Updated Indonesian translation (mylastof) - Add constants for common values, such as text/html and quoted-printable, and use them - Added support for copied headers in DKIM, helping with debugging, and an option to add extra headers to the DKIM signature. See DKIM_sign example for how to use them. Thanks to gwi-mmuths. - Add Campaign Monitor transaction ID pattern matcher - Remove deprecated constant and ini values causing warnings in PHP 7.3, added PHP 7.3 build to Travis config. - Expanded test coverage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120257 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120257 title Fedora 29 : php-phpmailer6 (2018-18f3eff32b)
References
- https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27
- https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27
- https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6
- https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6
- https://lists.debian.org/debian-lts-announce/2018/12/msg00020.html
- https://lists.debian.org/debian-lts-announce/2018/12/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/
- https://www.debian.org/security/2018/dsa-4351
- https://www.debian.org/security/2018/dsa-4351