The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/140290/SwiftMailer-Remote-Code-Execution.html | Exploit Third Party Advisory |
http://seclists.org/fulldisclosure/2016/Dec/86 | Exploit Mailing List |
http://www.debian.org/security/2017/dsa-3769 | |
http://www.securityfocus.com/bid/95140 | Third Party Advisory VDB Entry |
https://github.com/swiftmailer/swiftmailer/blob/5.x/CHANGES | Patch Vendor Advisory |
https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html | Exploit Technical Description Third Party Advisory |
https://www.exploit-db.com/exploits/40972/ | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/40986/ | |
https://www.exploit-db.com/exploits/42221/ | |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2016-12-30T19:00:00
Updated: 2017-11-03T18:57:01
Reserved: 2016-12-27T00:00:00
Link: CVE-2016-10074
NVD Information
Status: Modified
Published: 2016-12-30T19:59:00.310
Modified: 2017-11-04T01:29:15.287
Link: CVE-2016-10074
Redhat Information
No data.
CWE