| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e32a571e-0fd0-24a2-e3c2-7c24447eec33@luigirosa.com> Date: Tue, 27 Dec 2016 11:22:44 +0100 From: Luigi Rosa <lists@...girosa.com> To: fulldisclosure@...lists.org Subject: Re: [FD] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Dawid Golunski wrote on 26/12/2016 03:31: > Patching: > Responsibly disclosed to PHPMailer team. > They've released a critical security release. > If you are using an affected release update to the 5.2.18 security > release as advised at: > https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md Am I wrong or the vulnerability only applies if you use the sendmail method to send messages and does not apply if you use SMTP on port 25? I have patched all my PHPMailer installation yesterday, I am asking this only for personal curiosity. Thank you -- Ciao, luigi / +--[Luigi Rosa]-- \ http://127.0.0.1 Error 404: No One Home _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists