Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yOW13LWd3eDktdjNoNc4AAVU6
zend-mail remote code execution via Sendmail adapter
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted e-mail address.
Permalink: https://github.com/advisories/GHSA-r9mw-gwx9-v3h5JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yOW13LWd3eDktdjNoNc4AAVU6
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 2 years ago
Updated: 25 days ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-r9mw-gwx9-v3h5, CVE-2016-10034
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-10034
- https://framework.zend.com/security/advisory/ZF2016-04
- https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
- https://security.gentoo.org/glsa/201804-10
- http://www.securityfocus.com/bid/95144
- http://www.securitytracker.com/id/1037539
- https://www.exploit-db.com/exploits/40979
- https://www.exploit-db.com/exploits/40986
- https://www.exploit-db.com/exploits/42221
- https://github.com/advisories/GHSA-r9mw-gwx9-v3h5
Affected Packages
packagist:zendframework/zend-mail
Dependent packages: 235Dependent repositories: 2,752
Downloads: 13,062,809 total
Affected Version Ranges: >= 2.7, < 2.7.2, >= 2.6, <= 2.6.2, >= 2.5, <= 2.5.2, < 2.4.11
Fixed in: 2.7.2, , , 2.4.11
All affected versions: 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1
All unaffected versions: 2.4.11, 2.4.12, 2.4.13, 2.7.2, 2.7.3, 2.8.0, 2.9.0, 2.10.0