Date: Sat, 01 Sep 2012 20:24:35 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: Lukas Reschke <lukas@...tuscode.ch>, "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: CVE - ownCloud

Lukas Reschke got back to me with details, here are the CVE assignments:

==========================================================================

Is CVE-2012-2398 fixed in 3.0.3?
Fixed.
Advisory: http://owncloud.org/security/advisories/cve-2012-2398/

-------------

Is CVE-2012-2397 fixed in 3.0.3?
Fixed.
Advisory: http://owncloud.org/security/advisories/CVE-2012-2397/

-------------

Is CVE-2012-2270 fixed in 3.0.1?
Fixed in 3.0.3
Advisory: http://owncloud.org/security/advisories/CVE-2012-2270/

-------------

Is CVE-2012-2269 fixed in 3.0.1?
Fixed.
Advisory: http://owncloud.org/security/advisories/CVE-2012-2269/

==========================================================================

Version 4.0.7 Aug 14th 2012

Vulnerability of type .htaccess upload in file /lib/migrate.php.
A user could import a crafted import.zip to upload a .htaccess to the data folder which could lead to code execution.
https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a
Please use CVE-2012-4389 for this issue.

====

Vulnerability of type "user enumeration" in file remote.php.
It has been discovered that an authenticated user could get a list of all registered users.
https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707
Please use CVE-2012-4390 for this issue.

====

Vulnerability of type "CSRF" in file appconfig.php
The appconfig.php wasn't checking the CSRF token. This could allow an attacker to edit the app configurations.
https://github.com/owncloud/core/commit/5192eecce239a0b7ade1e60a6cf03075e5cfc188
Please use CVE-2012-4391 for this issue.

====

Vulnerability of type "auth bypass" in file index.php
Due to improper checking of the cookie, an unauthenticated attacker could log in as a user if the user never used the "remember password" function.
https://github.com/owncloud/core/commit/baab13ae134ff109c043371a7813df9b9bd4967b
Please use CVE-2012-4392 for this issue.

-------------

Version 4.0.6 Aug 1st 2012

Security: Check for Admin user in appconfig.php (CSRF)
Registered user could change app configs without admin rights.
https://github.com/owncloud/core/commit/9605e1926c6081e88326bf78a02c1d1b83126c4f

Security: Several CSRF security fixes
The admin settings and the bookmark app weren't checking the CSRF token.
https://github.com/owncloud/core/commit/38271ded753bc9ea9943cef3c2706f8d71f3a58f
and
https://github.com/owncloud/core/commit/93579d88dcea389205c01ddf6da41f37ad9b8745

CVS merged into a single CVE
Please use CVE-2012-4393 for these issues.

-------------

Version 4.0.5 July 20th

Reflected XSS (XSS)
The filelist wasn't sanitizing HTML values in image files.
https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8
Please use CVE-2012-4394 for this issue.

-------------

Version 4.0.3 June 23rd 2012

Reflected XSS (XSS)
The redirect_url wasn't properly sanitized.
https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475
Please use CVE-2012-4395 for this issue.

-------------

Version 4.0.2 June 11th 2012

Reflected XSS
Filenames weren't properly sanitized.
https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606
https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254
https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c
https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7

Reflected XSS
The calendar wasn't properly sanitizing events.
https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5
https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb
https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027

Reflected XSS
The multiselect wasn't properly escaping inputs.
https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438

Persistent XSS
The music player wasn't properly sanitizing album information.
https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48

CVS merged into a single CVE
Please use CVE-2012-4396 for these issues.

-------------

Version 4.0.1 June 4th 2012

Persistent XSS
Calendar names weren't sanitized properly.
https://github.com/owncloud/core/commit/00595351400523168e18a08e3ffa5c3b1e7c1f6e

Persistent XSS
The contact app wasn't properly sanitizing vcard information.
https://github.com/owncloud/core/commit/54a371700554ed21a5cb7db03126b6c95ae4cbd3

CVS merged into a single CVE
Please use CVE-2012-4397 for these issues.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993