| APPSEC-1746 – Remote Code Execution using mail vulnerability | |
|---|---|
| Type: | Remote code execution (RCE) |
| CVSSv3 Severity: | 9.8 (Critical) |
| Known Attacks: | None |
| Description: | Zend Framework 1 vulnerability can be remotely exploited to execute code in Magento 1. While the issue is not reproducible in Magento 2, the library code is the same so it was fixed as well.Note: while the vulnerability is scored as critical, few systems are affected. To be affected by the vulnerability the installation has to: – use sendmail as the mail transport agent – have specific, non-default configuration settings at System-> Configuration-> Advanced-> System-> Mail Sending Settings-> Set Return-Path (Set Return-Path option set to Yes) |
| Product(s) Affected: | Magento Community Edition prior to 1.9.3.2, and Magento Enterprise Edition prior to 1.14.3.2, Magento 2.1 versions prior to 2.1.4 and Magento 2.0 versions prior to 2.0.12 |
| Fixed In: | Community Edition 1.9.3.2, Enterprise Edition 1.14.3.2, SUPEE-9652, Magento 2.1.4, Magento 2.0.12 |
| Reporter: | natmchugh |
S
SUPEE-9652
SUPEE-9652 address the Zend library vulnerability in mail From header due to Set Return-path option set to Yes at System-> Configuration-> Advanced-> System-> Mail Sending Settings-> Set Return-Path