
Mageia alert MGASA-2013-0154 (owncloud)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2013-0154: owncloud-5.0.6-1.mga3 (3/core)
Date:  Sat, 25 May 2013 21:49:45 +0200
Message-ID:  <20130525194945.GA30291@valstar.mageia.org>

MGASA-2013-0154

Date: May 25th, 2013
Affected releases: 3
Media: Core

Description:

Updated owncloud package fixes security vulnerabilities:

ownCloud before 5.0.6 does not neutralize special elements that are passed to the SQL query in lib/db.php, which allows an authenticated attacker to execute arbitrary SQL commands (CVE-2013-2045).

ownCloud before 5.0.6 and 4.5.11 does not neutralize special elements that are passed to the SQL query in lib/bookmarks.php, which allows an authenticated attacker to execute arbitrary SQL commands (CVE-2013-2046).

Multiple directory traversal vulnerabilities in (1) apps/files_trashbin/index.php via the "dir" GET parameter and (2) lib/files/view.php via unspecified vectors, in all ownCloud versions prior to 5.0.6 and other versions before 4.0.15, allow authenticated remote attackers to access arbitrary local files (CVE-2013-2039, CVE-2013-2085).

Cross-site scripting (XSS) vulnerabilities in multiple files inside the media application via multiple unspecified vectors, in all ownCloud versions prior to 5.0.6 and other versions before 4.0.15, allow authenticated remote attackers to inject arbitrary web script or HTML (CVE-2013-2040).

Cross-site scripting (XSS) vulnerabilities in (1) apps/bookmarks/ajax/editBookmark.php via the "tag" GET parameter (CVE-2013-2041) and in (2) apps/files/js/files.js via the "dir" GET parameter to apps/files/ajax/newfile.php, in ownCloud 5.0.x before 5.0.6, allow authenticated remote attackers to inject arbitrary web script or HTML (CVE-2013-2041).

Cross-site scripting (XSS) vulnerabilities in (1) apps/bookmarks/ajax/addBookmark.php via the "url" GET parameter and in (2) apps/bookmarks/ajax/editBookmark.php via the "url" POST parameter, in ownCloud 5.0.x before 5.0.6, allow authenticated remote attackers to inject arbitrary web script or HTML (CVE-2013-2042).
Open redirect vulnerability in index.php (aka the login page) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter (CVE-2013-2044).

index.php (aka the login page) contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete (CVE-2013-2047).

Because the ownership of a calendar is not properly checked, an authenticated attacker is able to download calendars of other users via the "calendar_id" GET parameter to /apps/calendar/ajax/events.php. Note: Successful exploitation of this privilege escalation requires the "calendar" app to be enabled (enabled by default) (CVE-2013-2043).

Due to an insufficient permission check, an authenticated attacker is able to execute API commands as administrator. Additionally, an unauthenticated attacker could abuse this flaw through cross-site request forgery (CVE-2013-2048).

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows authenticated remote attackers to execute arbitrary PHP code by uploading a crafted file and accessing an uploaded PHP file. Note: Successful exploitation requires that the /data/ directory is stored inside the webroot and a webserver that interprets .htaccess files (e.g. Apache) (CVE-2013-2089).

The configuration loader in ownCloud 5.0.x before 5.0.6 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information (CVE-2013-2086).
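Two of the entries above, the open redirect via redirect_url (CVE-2013-2044) and the directory traversal via the "dir" GET parameter (CVE-2013-2039), are failures to validate a request parameter before acting on it. The following PHP is an added illustration, not ownCloud's code or the Mageia package's fix: it shows the checks a request handler would apply to such parameters, accepting only same-site root-relative redirect targets and only directories that resolve inside a fixed data root. The function names safeRedirectTarget and resolveInsideRoot, the root path /data/alice/files, and the sample values are assumptions made for this example; it targets PHP 8 for str_contains/str_starts_with.

```php
<?php
// Added illustration, not ownCloud code: input validation for the two
// parameter patterns named in the advisory, a "redirect_url" value that
// must stay on the local site and a "dir" value that must stay inside a
// fixed data root. Function names and the root path are assumptions.
declare(strict_types=1);

/**
 * Accept a redirect target only if it is a root-relative path on this
 * site; anything else yields $fallback. Blocks absolute URLs, scheme-only
 * values such as "javascript:", protocol-relative "//host", backslash
 * variants some browsers normalise to "/", and CR/LF that could split
 * the Location header.
 */
function safeRedirectTarget(string $candidate, string $fallback = '/'): string
{
    if ($candidate === '' || str_contains($candidate, '\\')) {
        return $fallback;
    }
    if (preg_match('/[\x00-\x1f\x7f]/', $candidate) === 1) {
        return $fallback;
    }
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    if (!str_starts_with($candidate, '/') || str_starts_with($candidate, '//')) {
        return $fallback;
    }
    return $candidate;
}

/**
 * Join a user-supplied directory onto $root by normalising the path
 * textually (no filesystem access, so the target need not exist).
 * Returns null as soon as a ".." would climb above $root or a NUL byte
 * could truncate the path in a C-backed filesystem call.
 */
function resolveInsideRoot(string $root, string $dir): ?string
{
    $root = rtrim(str_replace('\\', '/', $root), '/');
    if (str_contains($dir, "\0")) {
        return null;
    }
    $segments = [];
    foreach (explode('/', str_replace('\\', '/', $dir)) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            if ($segments === []) {
                return null;
            }
            array_pop($segments);
            continue;
        }
        $segments[] = $seg;
    }
    return $segments === [] ? $root : $root . '/' . implode('/', $segments);
}

// Constructed sample values standing in for the GET parameters.
$redirectSamples = [
    '/index.php/apps/files',
    '//attacker.example/login',
    'http://attacker.example/',
    '/\\attacker.example',
    "/ok\r\nSet-Cookie: x=1",
];
$dirSamples = ['/Documents', 'Photos/../Documents', '../../../../etc', "Documents\0.txt", ''];

foreach ($redirectSamples as $r) {
    printf("redirect_url %-32s => %s\n", var_export($r, true), safeRedirectTarget($r));
}
foreach ($dirSamples as $d) {
    $resolved = resolveInsideRoot('/data/alice/files', $d);
    printf("dir %-28s => %s\n", var_export($d, true), $resolved ?? 'REJECTED');
}
```

The redirect check deliberately allows only paths beginning with a single "/" rather than trying to enumerate bad hosts, and the directory check normalises the string itself instead of calling realpath(), so it rejects an escape attempt before any filesystem access happens and works for directories that do not yet exist.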
Updated Packages:

i586:
owncloud-5.0.6-1.mga3.noarch.rpm

x86_64:
owncloud-5.0.6-1.mga3.noarch.rpm

SRPMS:
owncloud-5.0.6-1.mga3.src.rpm

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2089
http://owncloud.org/about/security/advisories/oC-SA-2013-...
http://owncloud.org/about/security/advisories/oC-SA-2013-...
http://owncloud.org/about/security/advisories/oC-SA-2013-...
http://owncloud.org/about/security/advisories/oC-SA-2013-...
http://owncloud.org/about/security/advisories/oC-SA-2013-...
http://owncloud.org/about/security/advisories/oC-SA-2013-...
http://owncloud.org/about/security/advisories/oC-SA-2013-...
http://owncloud.org/about/security/advisories/oC-SA-2013-...
http://owncloud.org/about/security/advisories/oC-SA-2013-...
http://mailman.owncloud.org/pipermail/announcements/2013-...
http://mailman.owncloud.org/pipermail/announcements/2013-...
https://bugs.mageia.org/show_bug.cgi?id=10092
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...



Copyright © 2013, Eklektix, Inc.