oss-sec mailing list archives
ownCloud Security Advisories (2013-008, 2013-009, 2013-010)
From: Lukas Reschke <lukas () owncloud org>
Date: Thu, 14 Mar 2013 07:36:15 +0100
# Multiple XSS vulnerabilities (oC-SA-2013-008)

Web: https://owncloud.org/about/security/advisories/oC-SA-2013-008/

## CVE IDENTIFIERS

- CVE-2013-1822

## AFFECTED SOFTWARE

- ownCloud Server < 4.5.8

## DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.8 and all prior versions (except 4.0.x) allow remote attackers to inject arbitrary web script or HTML via

- the "quota" POST parameter to setquota.php in /core/settings/ajax/
  - Commits: 2364c79 (stable45)
  - Risk: Low
  - Note: Successful exploitation of this stored XSS requires administrator privileges.
- the group input field to settings.php (CVE-2013-0307)
  - Commits: 4cff6df (stable45)
  - Risk: Low
  - Note: Successful exploitation of this DOM based self XSS requires group admin privileges.
- the share with input field
  - Commits: 7b0a8f4 (stable45)
  - Risk: Low
  - Note: Successful exploitation of this DOM based self XSS requires group admin privileges.

## RESOLUTION

Update to ownCloud Server 5.0.0 or 4.5.8

http://download.owncloud.org/community/owncloud-5.0.0.tar.bz2
http://download.owncloud.org/community/owncloud-4.5.8.tar.bz2

---------------------------------------

# Contacts: Bypass of file blacklist (oC-SA-2013-009)

Web: https://owncloud.org/about/security/advisories/oC-SA-2013-009/

## CVE IDENTIFIERS

- CVE-2013-1850

## RISK

- Critical

## COMMITS

- stable4: fae5bd3
- stable45: e294a16, 1314e6d

## AFFECTED SOFTWARE

- ownCloud Server < 4.5.8
- ownCloud Server < 4.0.13

## DESCRIPTION

Incomplete blacklist vulnerability in apps/contacts/import.php and apps/contacts/ajax/uploadimport.php in ownCloud before 4.0.13 and 4.5.8 allows an authenticated remote attacker to upload a .htaccess file and therefore execute arbitrary PHP code in a standard Apache installation.

Note: Successful exploitation of this vulnerability requires the calendar application to be enabled (enabled by default) and the data directory has to be in the webroot.

## RESOLUTION

Update to ownCloud Server 5.0.0, 4.5.8 or 4.0.13

http://download.owncloud.org/community/owncloud-5.0.0.tar.bz2
http://download.owncloud.org/community/owncloud-4.5.8.tar.bz2
http://download.owncloud.org/community/owncloud-4.0.13.tar.bz2

---------------------------------------

# user_migrate: Local file disclosure (oC-SA-2013-010)

Web: https://owncloud.org/about/security/advisories/oC-SA-2013-010/

## CVE IDENTIFIERS

- CVE-2013-1851

## RISK

- High

## COMMITS

- stable4: edf7162
- stable45: 7b6a022

## AFFECTED SOFTWARE

- ownCloud Server < 4.5.8
- ownCloud Server < 4.0.13

## DESCRIPTION

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.8 allows an authenticated remote attacker to import arbitrary files on the server inside his user account.

Note: Successful exploitation of this vulnerability requires the user_migrate application to be enabled (disabled by default).

## RESOLUTION

Update to ownCloud Server 5.0.0, 4.5.8 or 4.0.13

http://download.owncloud.org/community/owncloud-5.0.0.tar.bz2
http://download.owncloud.org/community/owncloud-4.5.8.tar.bz2
http://download.owncloud.org/community/owncloud-4.0.13.tar.bz2

-- 
ownCloud
Your Cloud, Your Data, Your Way!
GPG: 0xEB32B77BA406BE99
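As an added illustration of the two defensive points behind these advisories (an extension blacklist that misses .htaccess in oC-SA-2013-009, and an import path that is not confined to the user's own directory in oC-SA-2013-010), the following example is written for this page and is not ownCloud's code; the extension lists, directory names and file names are constructed.

```python
import posixpath

# Allowlist of formats the contacts importer is expected to receive
# (constructed for this example; an allowlist replaces the incomplete blacklist).
ALLOWED_IMPORT_EXTENSIONS = {".vcf"}

# A blacklist of the kind the advisory calls incomplete (constructed, not the
# project's real list): it stops .php uploads but says nothing about dotfiles
# such as .htaccess, which Apache reads as configuration, not as data.
BLACKLISTED_EXTENSIONS = {".php", ".php3", ".phtml"}


def blacklist_allows(filename: str) -> bool:
    """True if the incomplete blacklist would accept this upload name."""
    ext = posixpath.splitext(filename)[1].lower()
    # splitext(".htaccess") yields ("", ".htaccess")-style no extension,
    # so the dotfile slips through an extension-only blacklist.
    return ext not in BLACKLISTED_EXTENSIONS


def safe_upload_name(filename: str) -> bool:
    """Allowlist check: plain basename, no dotfile, expected extension only."""
    if filename in ("", ".", "..") or filename != posixpath.basename(filename):
        return False  # empty names and any path component are rejected
    if filename.startswith("."):
        return False  # .htaccess, .user.ini and friends are server config, never data
    ext = posixpath.splitext(filename)[1].lower()
    return ext in ALLOWED_IMPORT_EXTENSIONS


def within_user_dir(user_dir: str, requested: str) -> bool:
    """Containment check for an import source path: after normalisation the
    target must still lie under user_dir (a live server should also resolve
    symlinks with os.path.realpath before comparing)."""
    root = posixpath.normpath(user_dir)
    target = posixpath.normpath(posixpath.join(root, requested))
    return target == root or target.startswith(root + "/")


if __name__ == "__main__":
    for name in ("contacts.vcf", "shell.php", ".htaccess", "../contacts.vcf"):
        print(f"{name!r}: blacklist accepts={blacklist_allows(name)} "
              f"allowlist accepts={safe_upload_name(name)}")
    for path in ("files/backup.zip", "../../../../etc/passwd", "/etc/passwd"):
        print(f"{path!r}: inside user dir={within_user_dir('/var/www/data/alice', path)}")
```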