MGASA-2013-0154
Date: May 25th, 2013
Affected releases: 3
Media: Core
Description:
Updated owncloud package fixes security vulnerabilities:
ownCloud before 5.0.6 does not neutralize special elements passed to the
SQL query in lib/db.php, which allows an authenticated attacker to
execute arbitrary SQL commands (CVE-2013-2045).
ownCloud before 5.0.6 and 4.5.11 does not neutralize special elements
passed to the SQL query in lib/bookmarks.php, which allows an
authenticated attacker to execute arbitrary SQL commands
(CVE-2013-2046).
Multiple directory traversal vulnerabilities in (1)
apps/files_trashbin/index.php via the "dir" GET parameter and (2)
lib/files/view.php via unspecified vectors in all ownCloud versions
prior to 5.0.6 and other versions before 4.0.15 allow authenticated
remote attackers to access arbitrary local files (CVE-2013-2039,
CVE-2013-2085).
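As an added illustration (example code, not ownCloud's implementation or its fix), the Python below shows the server-side confinement check that a "dir" parameter like the one above needs: the supplied directory is resolved with realpath against the user's storage root and refused when it lands anywhere else, which also catches symlinks and null bytes. The storage layout, the "alice" user and the sample inputs are constructed for the example.

```python
import os
import tempfile


def resolve_user_dir(storage_root, user_dir):
    """Resolve a user-supplied "dir" parameter against storage_root.

    Returns the resolved absolute path, or None when the request would
    land outside storage_root (via "..", a symlink or a null byte).
    A leading "/" is treated as "relative to the root", which is how a
    web file manager usually presents paths.
    """
    if "\x00" in user_dir:
        return None
    root = os.path.realpath(storage_root)
    relative = user_dir.lstrip("/")
    candidate = os.path.realpath(os.path.join(root, relative))
    # commonpath compares whole components, so a sibling such as
    # /srv/data-old is not mistaken for something under /srv/data.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def build_fixture():
    """Constructed layout for the demo (hypothetical, not an ownCloud tree):
    <tmp>/data/alice/files/Documents, plus <tmp>/secret and a symlink
    <tmp>/data/alice/files/link that points at it."""
    base = tempfile.mkdtemp(prefix="traversal-demo-")
    user_root = os.path.join(base, "data", "alice", "files")
    os.makedirs(os.path.join(user_root, "Documents"))
    os.makedirs(os.path.join(base, "secret"))
    os.symlink(os.path.join(base, "secret"), os.path.join(user_root, "link"))
    return base, user_root


# Sample "dir" values, constructed for the example.
SAMPLE_DIRS = [
    "/",
    "/Documents",
    "Documents/..",                   # resolves back to the root: fine
    "../../../etc",
    "/Documents/../../../../secret",
    "link",                           # symlink escaping the root
    "/Documents\x00/../..",
]


def classify(user_root, dirs=SAMPLE_DIRS):
    """Map each candidate "dir" value to True (served) or False (rejected)."""
    return {d: resolve_user_dir(user_root, d) is not None for d in dirs}


if __name__ == "__main__":
    _, user_root = build_fixture()
    for d, ok in classify(user_root).items():
        print(f"{'allow' if ok else 'REJECT':6} {d!r}")
```

The realpath step is what makes the symlink case fail closed; a check that only normalizes the string with "../" collapsing would still follow "link" out of the tree.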
Cross-site scripting (XSS) vulnerabilities in multiple files inside
the media application via multiple unspecified vectors in all ownCloud
versions prior to 5.0.6 and other versions before 4.0.15 allow
authenticated remote attackers to inject arbitrary web script or HTML
(CVE-2013-2040).
Cross-site scripting (XSS) vulnerabilities in (1)
apps/bookmarks/ajax/editBookmark.php via the "tag" GET parameter
(CVE-2013-2041) and in (2) apps/files/js/files.js via the "dir" GET
parameter to apps/files/ajax/newfile.php in ownCloud 5.0.x before 5.0.6
allow authenticated remote attackers to inject arbitrary web script or
HTML (CVE-2013-2049).
Cross-site scripting (XSS) vulnerabilities in (1)
apps/bookmarks/ajax/addBookmark.php via the "url" GET parameter and in
(2) apps/bookmarks/ajax/editBookmark.php via the "url" POST parameter
in ownCloud 5.0.x before 5.0.6 allow authenticated remote attackers
to inject arbitrary web script or HTML (CVE-2013-2042).
Open redirect vulnerability in index.php (aka the Login Page) in
ownCloud before 5.0.6 allows remote attackers to redirect users to
arbitrary web sites and conduct phishing attacks via a URL in the
redirect_url parameter (CVE-2013-2044).
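As an added example of the validation a post-login redirect needs (example code, not ownCloud's implementation), the Python below accepts redirect_url only when it is a local path on the same origin and otherwise falls back to a default. The sample values are constructed and "evil.example" is a placeholder host.

```python
from urllib.parse import urlsplit, urlunsplit


def safe_redirect_target(redirect_url, default="/"):
    """Return a same-origin path to send the user to after login.

    Anything that could leave the site (absolute URL, scheme-only URL,
    protocol-relative "//host", "///host", backslash variants, control
    characters) is replaced by `default`.
    """
    if not isinstance(redirect_url, str) or not redirect_url:
        return default
    # Control characters can split response headers; browsers read "\"
    # as "/" in URLs, so refuse both rather than guess.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in redirect_url):
        return default
    if "\\" in redirect_url:
        return default
    # A local target starts with exactly one "/". "//host" and "///host"
    # are read as a host by browsers, so they fail this raw-string check.
    if not redirect_url.startswith("/") or redirect_url.startswith("//"):
        return default
    parts = urlsplit(redirect_url)
    # After the checks above no scheme or authority component may remain.
    if parts.scheme or parts.netloc:
        return default
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


# Sample redirect_url values, constructed for the example.
SAMPLE_REDIRECTS = [
    "/index.php/apps/files",
    "/apps/files?dir=%2FDocuments#top",
    "http://evil.example/login",
    "//evil.example/login",
    "///evil.example/login",
    "/\\evil.example/login",
    "javascript:alert(1)",
    "/index.php\r\nSet-Cookie: x=y",
    "",
]


def evaluate(values=SAMPLE_REDIRECTS):
    """Map each sample value to the target the login page would use."""
    return {v: safe_redirect_target(v) for v in values}


if __name__ == "__main__":
    for value, target in evaluate().items():
        print(f"{value!r:40} -> {target!r}")
```

Checking the raw string before parsing matters: urlsplit() collapses "///evil.example/login" into a bare path, so a parser-only check would report no host and let the browser reach a different conclusion.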
Index.php (aka the login page) contains a form that does not disable
the autocomplete setting for the password parameter, which makes it
easier for local users or physically proximate attackers to obtain the
password from web browsers that support autocomplete (CVE-2013-2047).
Due to a missing ownership check on calendars, an authenticated
attacker is able to download other users' calendars via the
"calendar_id" GET parameter to /apps/calendar/ajax/events.php.
Note: successful exploitation of this privilege escalation requires
the "calendar" app to be enabled (it is enabled by default)
(CVE-2013-2043).
Due to an insufficient permission check, an authenticated attacker is
able to execute API commands as administrator. Additionally, an
unauthenticated attacker could exploit this flaw through cross-site
request forgery (CVE-2013-2048).
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows
authenticated remote attackers to execute arbitrary PHP code by
uploading a crafted file and accessing an uploaded PHP file.
Note: successful exploitation requires that the /data/ directory is
stored inside the webroot and that the web server interprets .htaccess
files (e.g. Apache) (CVE-2013-2089).
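The Python below, added here as an illustration and not ownCloud's actual filter or fix, contrasts a blacklist that looks only at the last extension with a check that treats every dotted segment of the name as an extension and also refuses web-server configuration files. The blacklist, the extension sets and the sample filenames are constructed for the example.

```python
import posixpath

# A minimal blacklist of the kind that is easy to get wrong (constructed for
# the example, not ownCloud's list).
NAIVE_BLACKLIST = {".php"}


def naive_upload_allowed(filename):
    """Blacklist check on the final extension only."""
    return posixpath.splitext(filename)[1] not in NAIVE_BLACKLIST


# Names an Apache-style server reads as configuration, and extensions a
# typical PHP vhost may hand to the interpreter (illustrative lists).
SERVER_CONFIG_NAMES = {".htaccess", ".htpasswd", ".user.ini", "web.config"}
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar",
                   "phps", "pht", "cgi", "pl", "shtml"}


def hardened_upload_allowed(filename):
    """Reject names that could become code or configuration when the data
    directory is reachable through the web server."""
    name = posixpath.basename(filename).strip()
    if not name or name in (".", "..") or "\x00" in name:
        return False
    lowered = name.lower()
    if lowered in SERVER_CONFIG_NAMES:
        return False
    # Apache can apply handlers to any extension in "a.php.jpg", so every
    # segment after the first dot counts, case-insensitively.
    return not any(seg in EXECUTABLE_EXTS for seg in lowered.split(".")[1:])


# Sample uploads, constructed for the example.
SAMPLE_NAMES = ["report.pdf", "shell.php", "shell.PHP", "shell.phtml",
                "shell.php.jpg", ".htaccess", "notes.txt"]


def compare(names=SAMPLE_NAMES):
    """Return {name: (naive_verdict, hardened_verdict)}, True meaning allowed."""
    return {n: (naive_upload_allowed(n), hardened_upload_allowed(n)) for n in names}


if __name__ == "__main__":
    for name, (naive, hard) in compare().items():
        print(f"{name:16} naive={'allow' if naive else 'reject':6} "
              f"hardened={'allow' if hard else 'reject'}")
```

Note that posixpath.splitext(".htaccess") yields an empty extension, so the naive filter never sees the one name that can switch PHP execution back on under the data directory; keeping /data/ outside the webroot removes the whole class regardless of filename checks.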
The configuration loader in ownCloud 5.0.x before 5.0.6 includes
private data such as CSRF tokens in a JavaScript file, which allows
remote attackers to obtain sensitive information (CVE-2013-2086).
Updated Packages:
i586:
owncloud-5.0.6-1.mga3.noarch.rpm
x86_64:
owncloud-5.0.6-1.mga3.noarch.rpm
SRPMS:
owncloud-5.0.6-1.mga3.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2089
http://owncloud.org/about/security/advisories/oC-SA-2013-019/
http://owncloud.org/about/security/advisories/oC-SA-2013-020/
http://owncloud.org/about/security/advisories/oC-SA-2013-021/
http://owncloud.org/about/security/advisories/oC-SA-2013-022/
http://owncloud.org/about/security/advisories/oC-SA-2013-023/
http://owncloud.org/about/security/advisories/oC-SA-2013-024/
http://owncloud.org/about/security/advisories/oC-SA-2013-025/
http://owncloud.org/about/security/advisories/oC-SA-2013-026/
http://owncloud.org/about/security/advisories/oC-SA-2013-027/
http://mailman.owncloud.org/pipermail/announcements/2013-May/000014.html
http://mailman.owncloud.org/pipermail/announcements/2013-May/000012.html
https://bugs.mageia.org/show_bug.cgi?id=10092