ID: CVE-2015-4718; Type: cve; Reporter: NVD; Modified: 2015-10-22T15:25:31
Description
The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.
{"cpe": ["cpe:/a:owncloud:owncloud:7.0.5", "cpe:/a:owncloud:owncloud:7.0.3", "cpe:/a:owncloud:owncloud:8.0.3", "cpe:/a:owncloud:owncloud:8.0.2", "cpe:/a:owncloud:owncloud:7.0.2", "cpe:/a:owncloud:owncloud:7.0.0", "cpe:/a:owncloud:owncloud:8.0.0", "cpe:/a:owncloud:owncloud:6.0.7", "cpe:/a:owncloud:owncloud:7.0.1", "cpe:/a:owncloud:owncloud:7.0.4"], "edition": 1, "references": ["http://www.debian.org/security/2015/dsa-3373", "https://owncloud.org/security/advisory/?id=oc-sa-2015-008", "http://www.securityfocus.com/bid/76162"], "viewCount": 3, "scanner": [], "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 9.0}, "assessment": {"system": "", "href": "", "name": ""}, "hash": "69da11d2c52d5c043637a24ba8983e39ab2ead16c94324d08feb93697ad67d2a", "lastseen": "2016-09-03T22:44:10", "cvelist": ["CVE-2015-4718"], "bulletinFamily": "NVD", "title": "CVE-2015-4718", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4718", "history": [], "published": "2015-10-21T14:59:02", "objectVersion": "1.2", "reporter": "NVD", "modified": "2015-10-22T15:25:31", "description": "The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.", "id": "CVE-2015-4718", "enchantments": {"vulnersScore": 6.3}}
{"result": {"owncloud": [{"id": "OC-SA-2015-008", "type": "owncloud", "title": "Server: Command injection when using external SMB storage", "description": "The external SMB storage of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands.\n\nThis was caused by improperly sanitizing the ; character which is interpreted as command separator by smbclient (the used software to connect to SMB shared by ownCloud)\n\nEffectively this allows an attacker to gain access to any file on the system or overwrite it, finally leading to a PHP code execution in the case of ownCloud's config file.\n\n \n\n\n* * *\n\n**[For more information please consult the official advisory.](<https://owncloud.org/security/advisory/?id=oC-SA-2015-008>)**\n\n\nThis advisory is licensed [CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/)", "published": "2015-06-24T16:10:59", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://owncloud.org/security/advisory/?id=oC-SA-2015-008", "cvelist": ["CVE-2015-4718"], "lastseen": "2016-09-26T21:06:21"}, {"id": "OWNCLOUD:85F6B1E6FEF0D0C44C7F7205BC1B98A6", "type": "owncloud", "title": "Command injection when using external SMB storage - ownCloud", "description": "The external SMB storage of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands.\n\nThis was caused by improperly sanitizing the ; character which is interpreted as command separator by smbclient (the used software to connect to SMB shared by ownCloud)\n\nEffectively this allows an attacker to gain access to any file on the system or overwrite it, finally leading to a PHP code execution in the case of ownCloud's config file.\n\n### Affected Software\n\n * ownCloud Server < **6.0.8** (CVE-2015-4718)\n * ownCloud Server < **7.0.6** (CVE-2015-4718)\n * ownCloud Server < **8.0.4** 
(CVE-2015-4718)\n\n### Action Taken\n\nFiles containing a `;` are no longer processed on external SMB storages. This is no regression as handling files containing said character was not reliably possible before as well.\n\nownCloud 8.1 will feature a completely rewritten SMB storage with cleaner code to reduce the attack surface even more.\n\n### Acknowledgements\n\nThe ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:\n\n * Lukas Reschke - ownCloud Inc. (lukas@owncloud.com) - Vulnerability discovery and disclosure.\n", "published": "2015-06-24T18:48:32", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://owncloud.org/security/advisories/command-injection-using-external-smb-storage/", "cvelist": ["CVE-2015-4718"], "lastseen": "2018-01-11T22:53:29"}], "openvas": [{"id": "OPENVAS:1361412562310809292", "type": "openvas", "title": "ownCloud Multiple Vulnerabilities Sep16 (Windows)", "description": "The host is installed with ownCloud and\n is prone to multiple vulnerabilities.", "published": "2016-09-23T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809292", "cvelist": ["CVE-2015-4717", "CVE-2015-4718"], "lastseen": "2017-10-25T14:42:41"}, {"id": "OPENVAS:1361412562310809293", "type": "openvas", "title": "ownCloud Multiple Vulnerabilities Sep16 (Linux)", "description": "The host is installed with ownCloud and\n is prone to multiple vulnerabilities.", "published": "2016-09-23T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809293", "cvelist": ["CVE-2015-4717", "CVE-2015-4718"], "lastseen": "2017-10-25T14:41:58"}, {"id": "OPENVAS:1361412562310130065", "type": "openvas", 
"title": "Mageia Linux Local Check: mgasa-2015-0314", "description": "Mageia Linux Local Security Checks mgasa-2015-0314", "published": "2015-10-15T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130065", "cvelist": ["CVE-2015-4715", "CVE-2015-4717", "CVE-2015-4718"], "lastseen": "2017-07-24T12:52:28"}, {"id": "OPENVAS:703373", "type": "openvas", "title": "Debian Security Advisory DSA 3373-1 (owncloud - security update)", "description": "Multiple vulnerabilities were discovered\nin ownCloud, a cloud storage web service for files, music, contacts, calendars and\nmany more. These flaws may lead to the execution of arbitrary code, authorization\nbypass, information disclosure, cross-site scripting or denial of service.", "published": "2015-10-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703373", "cvelist": ["CVE-2015-4717", "CVE-2015-4718", "CVE-2015-4716", "CVE-2015-7699", "CVE-2015-6670", "CVE-2015-5953", "CVE-2015-6500", "CVE-2015-5954"], "lastseen": "2017-07-24T12:53:42"}, {"id": "OPENVAS:1361412562310703373", "type": "openvas", "title": "Debian Security Advisory DSA 3373-1 (owncloud - security update)", "description": "Multiple vulnerabilities were discovered\nin ownCloud, a cloud storage web service for files, music, contacts, calendars and\nmany more. 
These flaws may lead to the execution of arbitrary code, authorization\nbypass, information disclosure, cross-site scripting or denial of service.", "published": "2015-10-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703373", "cvelist": ["CVE-2015-4717", "CVE-2015-4718", "CVE-2015-4716", "CVE-2015-7699", "CVE-2015-6670", "CVE-2015-5953", "CVE-2015-6500", "CVE-2015-5954"], "lastseen": "2018-04-06T11:29:05"}], "debian": [{"id": "DSA-3373", "type": "debian", "title": "owncloud -- security update", "description": "Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more. These flaws may lead to the execution of arbitrary code, authorization bypass, information disclosure, cross-site scripting or denial of service.\n\nFor the stable distribution (jessie), these problems have been fixed in version 7.0.4+dfsg-4~deb8u3.\n\nFor the testing distribution (stretch), these problems have been fixed in version 7.0.10~dfsg-2 or earlier versions.\n\nFor the unstable distribution (sid), these problems have been fixed in version 7.0.10~dfsg-2 or earlier versions.\n\nWe recommend that you upgrade your owncloud packages.", "published": "2015-10-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3373", "cvelist": ["CVE-2015-4717", "CVE-2015-4718", "CVE-2015-4716", "CVE-2015-7699", "CVE-2015-6670", "CVE-2015-5953", "CVE-2015-6500", "CVE-2015-5954"], "lastseen": "2016-09-02T18:27:55"}], "nessus": [{"id": "DEBIAN_DSA-3373.NASL", "type": "nessus", "title": "Debian DSA-3373-1 : owncloud - security update", "description": "Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more. 
These flaws may lead to the execution of arbitrary code, authorization bypass, information disclosure, cross-site scripting or denial of service.", "published": "2015-10-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86430", "cvelist": ["CVE-2015-4717", "CVE-2015-4718", "CVE-2015-4716", "CVE-2015-7699", "CVE-2015-6670", "CVE-2015-5953", "CVE-2015-6500", "CVE-2015-5954"], "lastseen": "2017-10-29T13:37:48"}]}}