UBB.threads 7.6.0 - Progress Report (2016-12-27) #322299
12/27/2016 7:47 AM
isaac (OP) | Joined: Jul 2001 | Posts: 1,095 | California
Changelog 2016-12-27 --SECURITY BULLETIN--
• PHPMailer - Updated PHPMailer library from 5.2.16 to version 5.2.19
1) https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
2) https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
3) https://www.wordfence.com/blog/2016/12/phpmailer-vulnerability/

To exploit this vulnerability, an attacker would need to be able to pass user input to a message’s “from” address. UBB.threads is not affected by this issue since email is only ever sent from the configured Forum Email Address and does not allow for user input to be set elsewhere.

In addition, the sendmail path is always checked to exist, and the send-to addresses are validated as a correct email format and escaped, prior to being stored in the database or passed on to PHPMailer. Emailing a post/message goes through several steps of validation prior to being sent, and will not be passed to PHPMailer if the validation does not pass.

NOTES: All versions of the third-party PHPMailer library distributed with UBB.threads versions within the 7.5.x series and prior are vulnerable to a remote code execution vulnerability. This is patched in PHPMailer 5.2.18, which will be included with UBB.threads 7.6.0.

If you are using the PHPMailer library included within your UBB.threads package to handle any additional or custom (unsupported) scripts, you should manually update your PHPMailer library to version 5.2.18 or newer. https://github.com/PHPMailer/PHPMailer
For reference, UBB.threads 7.5.x uses PHPMailer 2.0.2.
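The mitigations the bulletin describes (a fixed, configured From address; recipient addresses validated and escaped before they reach the mailer; a check that the sendmail binary exists) as an added PHP example. This is illustrative code, not UBB.threads' own mailer, and it assumes PHPMailer 5.2.22 or newer is loaded; the names `$forumEmail`, `$sendmailPath`, `is_safe_recipient()` and `send_forum_mail()` are assumptions.

```php
<?php
// Added example (not UBB.threads code): a send wrapper that applies the
// bulletin's mitigations before anything is handed to PHPMailer.
// Assumes PHPMailer 5.2.22+; $forumEmail / $sendmailPath stand in for the
// forum's configured values (assumed names, not UBB.threads' settings).
require_once 'PHPMailerAutoload.php';

// Strict allow-list check for an address: must pass PHP's RFC validation and
// contain none of the characters that carry meaning to a shell or to
// sendmail's -f option (whitespace, quotes, backslashes, etc.).
function is_safe_recipient($address)
{
    if (!is_string($address) || strlen($address) > 254) {
        return false;
    }
    if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Deliberately stricter than RFC 5322: quoted local parts are rejected.
    return preg_match('/^[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+$/', $address) === 1;
}

function send_forum_mail($forumEmail, $sendmailPath, $recipient, $subject, $body)
{
    // Both the configured sender and the recipient must pass the same check;
    // user input is never accepted as the From / envelope-sender address.
    if (!is_safe_recipient($forumEmail) || !is_safe_recipient($recipient)) {
        return false;
    }
    // Refuse to send at all if the configured sendmail binary is not present.
    if (!is_executable($sendmailPath)) {
        return false;
    }
    $mail = new PHPMailer(true);      // true = throw on invalid input
    try {
        $mail->isSendmail();
        $mail->Sendmail = $sendmailPath;
        $mail->setFrom($forumEmail, 'Forum');
        $mail->Sender = $forumEmail;  // envelope sender (-f) is always the forum address
        $mail->addAddress($recipient);
        $mail->Subject = $subject;
        $mail->Body    = $body;
        return $mail->send();
    } catch (phpmailerException $e) {
        error_log('Mail rejected: ' . $e->getMessage());
        return false;
    }
}
```

Anything that fails `is_safe_recipient()` is dropped before PHPMailer is constructed, which mirrors the bulletin's point that a message never reaches the library unless validation passes.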

Re: UBB.threads 7.6.0 - Progress Report (2016-12-27) [Re: isaac] #322305
12/28/2016 10:10 AM
isaac (OP)
Changelog 2016-12-28 --SECURITY BULLETIN--
• PHPMailer - Updated PHPMailer library from 5.2.19 to version 5.2.21
1) http://seclists.org/bugtraq/2016/Dec/54
2) https://legalhackers.com/advisories...ec-CVE-2016-10045-Vuln-Patch-Bypass.html

Re: UBB.threads 7.6.0 - Progress Report (2016-12-27) [Re: isaac] #322407
01/12/2017 8:04 AM
isaac (OP)
Changelog 2017-01-12 --SECURITY BULLETIN--
• PHPMailer - Updated PHPMailer library from 5.2.21 to version 5.2.22
1) https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
2) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5223

The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2017 VNC Web Services
Powered by UBB.threads™ PHP Forum Software 7.6.1
(Snapshot build 20171012.dev)