Bug 1273004 (CVE-2015-4716, CVE-2015-4717, CVE-2015-4718, CVE-2015-5953, CVE-2015-5954, CVE-2015-7699)
Summary: | CVE-2015-4717 CVE-2015-4718 CVE-2015-5953 CVE-2015-5954 CVE-2015-7699 CVE-2015-4716 owncloud: Multiple vulnerabilities fixed | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | awilliam, ignatenko, shawn |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-10-19 18:05:24 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1273005, 1273006 | ||
Bug Blocks: |
Description
Adam Mariš
2015-10-19 12:02:08 UTC
Created owncloud tracking bugs for this issue: Affects: fedora-all [bug 1273005] Affects: epel-all [bug 1273006] External References CVE-2015-4717: https://owncloud.org/security/advisory/?id=oc-sa-2015-007 External References CVE-2015-4718: https://owncloud.org/security/advisory/?id=oc-sa-2015-008 External References CVE-2015-5953: https://owncloud.org/security/advisory/?id=oc-sa-2015-010 External References CVE-2015-5954: https://owncloud.org/security/advisory/?id=oc-sa-2015-011 External References CVE-2015-7699: https://owncloud.org/security/advisory/?id=oc-sa-2015-018 ownCloud 8.0.8 is already in stable for all Fedora/EPEL releases except EL 6. ownCloud 7.0.10 is already in stable for EL 7. Thus none of this affects us and you're just wasting my time. Please be more careful in future. CVE-2015-4716: Due to an improper control of the filename for a require_once() statement in the routing component a limited local file inclusion vulnerability is existent in all below mentioned ownCloud versions when running on the MS Windows Platform. Depending on the ownCloud configuration and the authentication state of a remote attacker this vulnerability may have different impact. Specifically: * An unauthenticated remote attacker is able to reinstall the instance in case he is able to connect to a database or the SQLite driver is installed. This will overwrite the existing configuration and existing users will not be able to login anymore. This attack is very likely to be noticed, however an attacker is granted administrative access to the ownCloud instance. If a backup of the configuration file is accessible for the web server user the attacker might restore it after a successful exploitation to cover the attack * An unauthenticated remote attacker is able to execute arbitrary PHP code if he is able to upload files using the public upload functionality and he can guess the full path of the folder. * An authenticated remote attacker is able to execute arbitrary PHP code if the /data/ directory is below the ownCloud root. The directory can be moved using the datadirectory configuration in config/config.php. External References CVE-2015-4716: https://owncloud.org/security/advisory/?id=oc-sa-2015-006 |