Date: Sat, 01 Sep 2012 20:24:35 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: Lukas Reschke <lukas@...tuscode.ch>,
        "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: CVE - ownCloud

Lukas Reschke got back to me with details, here are the CVE assignments:


==========================================================================
Is CVE-2012-2398 fixed in 3.0.3?
Fixed.
Advisory: http://owncloud.org/security/advisories/cve-2012-2398/
-------------
Is CVE-2012-2397 fixed in 3.0.3?
Fixed.
Advisory: http://owncloud.org/security/advisories/CVE-2012-2397/
-------------
Is CVE-2012-2270 fixed in 3.0.1?
Fixed in 3.0.3
Advisory:
http://owncloud.org/security/advisories/CVE-2012-2270/
-------------
Is CVE-2012-2269 fixed in 3.0.1?
Fixed.
Advisory:
http://owncloud.org/security/advisories/CVE-2012-2269/

==========================================================================

Version 4.0.7 Aug 14th 2012

Vulnerability of type .htaccess upload in file /lib/migrate.php.
A user could import a crafted import.zip to upload a .htaccess to the
data folder which could lead to code execution.
https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a

Please use CVE-2012-4389 for this issue.

====
Vulnerability of type "user enumeration" in file remote.php.
It has been discovered that an authenticated user could get a list of
all registered users.
https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707

Please use CVE-2012-4390 for this issue.

====
Vulnerability of type "CSRF" in file appconfig.php
The appconfig.php wasn't checking the CSRF token. This could allow
an attacker to edit the app configurations.
https://github.com/owncloud/core/commit/5192eecce239a0b7ade1e60a6cf03075e5cfc188

Please use CVE-2012-4391 for this issue.

====
Vulnerability of type "auth bypass" in file index.php
Due to improper checking of the cookie, an unauthenticated attacker could
log in as a user if the user never used the "remember password"
function.
https://github.com/owncloud/core/commit/baab13ae134ff109c043371a7813df9b9bd4967b

Please use CVE-2012-4392 for this issue.

-------------
Version 4.0.6 Aug 1st 2012

Security: Check for Admin user in appconfig.php (CSRF)
A registered user could change app configs without admin rights.
https://github.com/owncloud/core/commit/9605e1926c6081e88326bf78a02c1d1b83126c4f
Security: Several CSRF security fixes
The admin settings and the bookmark app weren't checking the CSRF token.
https://github.com/owncloud/core/commit/38271ded753bc9ea9943cef3c2706f8d71f3a58f
and
https://github.com/owncloud/core/commit/93579d88dcea389205c01ddf6da41f37ad9b8745

CVS merged into a single CVE

Please use CVE-2012-4393 for these issues.

-------------

Version 4.0.5 July 20th
Reflected XSS (XSS)
The filelist wasn't sanitizing HTML values in image files.
https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8

Please use CVE-2012-4394 for this issue.
-------------

Version 4.0.3 June 23rd 2012
Reflected XSS (XSS)
The redirect_url wasn't properly sanitized.
https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475

Please use CVE-2012-4395 for this issue.
-------------

Version 4.0.2 June 11th 2012
Reflected XSS
Filenames weren't properly sanitized.
https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606
https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254
https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c
https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7

Reflected XSS
The calendar wasn't properly sanitizing events.
https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5
https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb
https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027

Reflected XSS
The multiselect wasn't properly escaping inputs.
https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438

Persistent XSS
The music player wasn't properly sanitizing album information.
https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48

CVS merged into a single CVE
Please use CVE-2012-4396 for these issues.

-------------

Version 4.0.1 June 4th 2012

Persistent XSS
Calendar names weren't sanitized properly.
https://github.com/owncloud/core/commit/00595351400523168e18a08e3ffa5c3b1e7c1f6e

Persistent XSS
The contact app wasn't properly sanitizing vcard information.
https://github.com/owncloud/core/commit/54a371700554ed21a5cb7db03126b6c95ae4cbd3

CVS merged into a single CVE
Please use CVE-2012-4397 for these issues.



--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

