Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu 18.04 LTS: USN-4505-1 Moderate: PHPMailer Filename Exploit

ubuntu
Calendar Grey September 16, 2020
Dist Ubuntu Esm H88
A critical PHPMailer vulnerability affects Ubuntu 18.04 LTS, allowing remote attackers potential unauthorized actions. Update to mitigate risks promptly
Attachments with specially crafted filenames could bypass filename-based mail attachment filters.

Summary

Attachments with specially crafted filenames could bypass filename-based

mail attachment filters.

Software Description:

- libphp-phpmailer: full featured email transfer class for PHP

Details:

Elar Lang discovered that PHPMailer did not properly escape double quote

characters in filenames. A remote attacker could possibly exploit this

with a crafted filename to bypass attachment filters that are based on

matching filename extensions. (CVE-2020-13625)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libphp-phpmailer                5.2.14+dfsg-2.3+deb9u2build0.18.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4505-1

CVE-2020-13625

September 16, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here