ID CVE-2015-4718 Type cve Reporter NVD Modified 2015-10-22T15:25:31
Description
The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.
{"reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "published": "2015-10-21T14:59:02", "cvelist": ["CVE-2015-4718"], "title": "CVE-2015-4718", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4718", "bulletinFamily": "NVD", "id": "CVE-2015-4718", "history": [], "scanner": [], "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 9.0}, "modified": "2015-10-22T15:25:31", "hash": "69da11d2c52d5c043637a24ba8983e39ab2ead16c94324d08feb93697ad67d2a", "cpe": ["cpe:/a:owncloud:owncloud:7.0.5", "cpe:/a:owncloud:owncloud:7.0.3", "cpe:/a:owncloud:owncloud:8.0.3", "cpe:/a:owncloud:owncloud:8.0.2", "cpe:/a:owncloud:owncloud:7.0.2", "cpe:/a:owncloud:owncloud:7.0.0", "cpe:/a:owncloud:owncloud:8.0.0", "cpe:/a:owncloud:owncloud:6.0.7", "cpe:/a:owncloud:owncloud:7.0.1", "cpe:/a:owncloud:owncloud:7.0.4"], "viewCount": 3, "edition": 1, "assessment": {"system": "", "href": "", "name": ""}, "references": ["http://www.debian.org/security/2015/dsa-3373", "https://owncloud.org/security/advisory/?id=oc-sa-2015-008", "http://www.securityfocus.com/bid/76162"], "lastseen": "2016-09-03T22:44:10", "description": "The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file."}
{"owncloud": [{"lastseen": "2016-09-26T21:06:21", "references": [], "edition": 1, "description": "The external SMB storage of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands.\n\nThis was caused by improperly sanitizing the ; character which is interpreted as command separator by smbclient (the used software to connect to SMB shared by ownCloud)\n\nEffectively this allows an attacker to gain access to any file on the system or overwrite it, finally leading to a PHP code execution in the case of ownCloud's config file.\n\n \n\n\n* * *\n\n**[For more information please consult the official advisory.](<https://owncloud.org/security/advisory/?id=oC-SA-2015-008>)**\n\n\nThis advisory is licensed [CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/)", "reporter": "ownCloud", "published": "2015-06-24T16:10:59", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "owncloud", "title": "Server: Command injection when using external SMB storage", "bulletinFamily": "software", "affectedSoftware": [{"name": "ownCloud Server", "version": "8.0.4", "operator": "lt"}, {"name": "ownCloud Server", "version": "7.0.6", "operator": "lt"}, {"name": "ownCloud Server", "version": "6.0.8", "operator": "lt"}], "cvelist": ["CVE-2015-4718"], "modified": "2015-06-24T16:10:59", "id": "OC-SA-2015-008", "href": "https://owncloud.org/security/advisory/?id=oC-SA-2015-008", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T22:53:29", "references": [], "description": "The external SMB storage of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands.\n\nThis was caused by improperly sanitizing the ; character which is interpreted as command separator by smbclient (the used software to connect to SMB shared by ownCloud)\n\nEffectively this allows an attacker to gain access to any file on the system or overwrite it, finally leading to a PHP code execution in the case of ownCloud's config file.\n\n### Affected Software\n\n * ownCloud Server < **6.0.8** (CVE-2015-4718)\n * ownCloud Server < **7.0.6** (CVE-2015-4718)\n * ownCloud Server < **8.0.4** (CVE-2015-4718)\n\n### Action Taken\n\nFiles containing a `;` are no longer processed on external SMB storages. This is no regression as handling files containing said character was not reliably possible before as well.\n\nownCloud 8.1 will feature a completely rewritten SMB storage with cleaner code to reduce the attack surface even more.\n\n### Acknowledgements\n\nThe ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:\n\n * Lukas Reschke - ownCloud Inc. (lukas@owncloud.com) - Vulnerability discovery and disclosure.\n", "edition": 1, "reporter": "Lukas Reschke \u2013 ownCloud Inc. (lukas@owncloud.com) \u2013 Vulnerability discovery and disclosure.", "published": "2015-06-24T18:48:32", "type": "owncloud", "title": "Command injection when using external SMB storage - ownCloud", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "affectedSoftware": [{"name": "ownCloud Server", "version": "8.0.4", "operator": "lt"}, {"name": "ownCloud Server", "version": "7.0.6", "operator": "lt"}, {"name": "ownCloud Server", "version": "6.0.8", "operator": "lt"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-4718"], "modified": "2018-01-03T18:49:00", "href": "https://owncloud.org/security/advisories/command-injection-using-external-smb-storage/", "id": "OWNCLOUD:85F6B1E6FEF0D0C44C7F7205BC1B98A6", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:45:29", "references": ["https://owncloud.org/security/advisory/?id=oc-sa-2015-007", "https://owncloud.org/security/advisory/?id=oc-sa-2015-008"], "pluginID": "1361412562310809292", "description": "The host is installed with ownCloud and\n is prone to multiple vulnerabilities.", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-09-23T00:00:00", "title": "ownCloud Multiple Vulnerabilities Sep16 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4717", "CVE-2015-4718"], "modified": "2017-10-24T00:00:00", "id": "OPENVAS:1361412562310809292", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809292", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_owncloud_mult_vuln_sep16_win.nasl 7545 2017-10-24 11:45:30Z cfischer $\n#\n# ownCloud Multiple Vulnerabilities Sep16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:owncloud:owncloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809292\");\n script_version(\"$Revision: 7545 $\");\n script_cve_id(\"CVE-2015-4718\", \"CVE-2015-4717\");\n script_bugtraq_id(76162, 76161);\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-24 13:45:30 +0200 (Tue, 24 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-23 15:12:02 +0530 (Fri, 23 Sep 2016)\");\n script_name(\"ownCloud Multiple Vulnerabilities Sep16 (Windows)\");\n\n script_tag(name: \"summary\" , value:\"The host is installed with ownCloud and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the\n help of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws exists due to\n - The external SMB storage of ownCloud was not properly neutralizing all\n special elements.\n - The filename sanitization component does not properly handle $_GET\n parameters cast by PHP to an array\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allows remote\n authenticated users to execute arbitrary SMB commands and to cause a denial\n of service.\n\n Impact Level: Application\");\n\n script_tag(name: \"affected\" , value:\"ownCloud Server before 6.0.8, 7.0.x\n before 7.0.6, and 8.0.x before 8.0.4 on Windows.\");\n\n script_tag(name: \"solution\", value:\"Upgrade ownCloud server 6.0.8, 7.0.6, 8.0.4 or later.\n For updates refer to http://owncloud.org\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_xref(name : \"URL\" , value : \"https://owncloud.org/security/advisory/?id=oc-sa-2015-008\");\n script_xref(name : \"URL\" , value : \"https://owncloud.org/security/advisory/?id=oc-sa-2015-007\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_owncloud_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"owncloud/installed\", \"Host/runs_windows\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nownPort = \"\";\nownVer = \"\";\n\n## get the port\nif(!ownPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\n## Get version\nif(!ownVer = get_app_version(cpe:CPE, port:ownPort)){\n exit(0);\n}\n\nif(ownVer =~ \"^(8|7|6)\")\n{\n ## Grep for vulnerable version\n if(version_is_less(version:ownVer, test_version:\"6.0.8\"))\n {\n fix = \"6.0.8\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:ownVer, test_version:\"7.0.0\", test_version2:\"7.0.5\"))\n {\n fix = \"7.0.6\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:ownVer, test_version:\"8.0.0\", test_version2:\"8.0.3\"))\n {\n fix = \"8.0.4\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:ownVer, fixed_version:fix);\n security_message(data:report, port:ownPort);\n exit(0);\n }\n}\n\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:45:44", "references": ["https://owncloud.org/security/advisory/?id=oc-sa-2015-007", "https://owncloud.org/security/advisory/?id=oc-sa-2015-008"], "pluginID": "1361412562310809293", "description": "The host is installed with ownCloud and\n is prone to multiple vulnerabilities.", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-09-23T00:00:00", "title": "ownCloud Multiple Vulnerabilities Sep16 (Linux)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4717", "CVE-2015-4718"], "modified": "2017-10-24T00:00:00", "id": "OPENVAS:1361412562310809293", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809293", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_owncloud_mult_vuln_sep16_lin.nasl 7545 2017-10-24 11:45:30Z cfischer $\n#\n# ownCloud Multiple Vulnerabilities Sep16 (Linux)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:owncloud:owncloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809293\");\n script_version(\"$Revision: 7545 $\");\n script_cve_id(\"CVE-2015-4718\", \"CVE-2015-4717\");\n script_bugtraq_id(76162, 76161);\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-24 13:45:30 +0200 (Tue, 24 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-23 15:29:08 +0530 (Fri, 23 Sep 2016)\");\n script_name(\"ownCloud Multiple Vulnerabilities Sep16 (Linux)\");\n\n script_tag(name: \"summary\" , value:\"The host is installed with ownCloud and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the\n help of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws exists due to\n - The external SMB storage of ownCloud was not properly neutralizing all\n special elements.\n - The filename sanitization component does not properly handle $_GET\n parameters cast by PHP to an array\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allows remote\n authenticated users to execute arbitrary SMB commands and to cause a denial\n of service.\n\n Impact Level: Application\");\n\n script_tag(name: \"affected\" , value:\"ownCloud Server before 6.0.8, 7.0.x\n before 7.0.6, and 8.0.x before 8.0.4 on Linux.\");\n\n script_tag(name: \"solution\", value:\"Upgrade ownCloud server 6.0.8, 7.0.6, 8.0.4 or later.\n For updates refer to http://owncloud.org\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name : \"URL\" , value : \"https://owncloud.org/security/advisory/?id=oc-sa-2015-008\");\n script_xref(name : \"URL\" , value : \"https://owncloud.org/security/advisory/?id=oc-sa-2015-007\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_owncloud_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"owncloud/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nownPort = \"\";\nownVer = \"\";\n\n## get the port\nif(!ownPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\n## Get version\nif(!ownVer = get_app_version(cpe:CPE, port:ownPort)){\n exit(0);\n}\n\nif(ownVer =~ \"^(8|7|6)\")\n{\n ## Grep for vulnerable version\n if(version_is_less(version:ownVer, test_version:\"6.0.8\"))\n {\n fix = \"6.0.8\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:ownVer, test_version:\"7.0.0\", test_version2:\"7.0.5\"))\n {\n fix = \"7.0.6\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:ownVer, test_version:\"8.0.0\", test_version2:\"8.0.3\"))\n {\n fix = \"8.0.4\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:ownVer, fixed_version:fix);\n security_message(data:report, port:ownPort);\n exit(0);\n }\n}\n\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:18", "references": ["https://advisories.mageia.org/MGASA-2015-0314.html"], "pluginID": "1361412562310130065", "description": "Mageia Linux Local Security Checks mgasa-2015-0314", "edition": 4, "reporter": "Eero Volotinen", "published": "2015-10-15T00:00:00", "title": "Mageia Linux Local Check: mgasa-2015-0314", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mageia Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4715", "CVE-2015-4717", "CVE-2015-4718"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310130065", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130065", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Mageia Linux security check \n# $Id: mgasa-2015-0314.nasl 6563 2017-07-06 12:23:47Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.130065\");\nscript_version(\"$Revision: 6563 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-15 10:42:17 +0300 (Thu, 15 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 14:23:47 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Mageia Linux Local Check: mgasa-2015-0314\");\nscript_tag(name: \"insight\", value: \"In ownCloud before 6.0.8 and 8.0.4, a bug in the SDK used to connect ownCloud against the Dropbox server might allow the owner of Dropbox.com to gain access to any files on the ownCloud server if an external Dropbox storage was mounted (CVE-2015-4715). In ownCloud before 6.0.8 and 8.0.4, the sanitization component for filenames was vulnerable to DoS when parsing specially crafted file names passed via specific endpoints. Effectively this lead to a endless loop filling the log file until the system is not anymore responsive (CVE-2015-4717). In ownCloud before 6.0.8 and 8.0.4, the external SMB storage of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands. This was caused by improperly sanitizing the ';' character which is interpreted as command separator by smbclient (the used software to connect to SMB shared by ownCloud). Effectively this allows an attacker to gain access to any file on the system or overwrite it, finally leading to a PHP code execution in the case of ownClouds config file (CVE-2015-4718).\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://advisories.mageia.org/MGASA-2015-0314.html\");\nscript_cve_id(\"CVE-2015-4715\",\"CVE-2015-4717\",\"CVE-2015-4718\");\nscript_tag(name:\"cvss_base\", value:\"10.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name : \"summary\", value : \"Mageia Linux Local Security Checks mgasa-2015-0314\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Mageia Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"owncloud\", rpm:\"owncloud~8.0.5~1.2.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:53:42", "references": ["http://www.debian.org/security/2015/dsa-3373.html"], "pluginID": "703373", "description": "Multiple vulnerabilities were discovered\nin ownCloud, a cloud storage web service for files, music, contacts, calendars and\nmany more. These flaws may lead to the execution of arbitrary code, authorization\nbypass, information disclosure, cross-site scripting or denial of service.", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-10-18T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "Debian Security Advisory DSA 3373-1 (owncloud - security update)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4717", "CVE-2015-4718", "CVE-2015-4716", "CVE-2015-7699", "CVE-2015-6670", "CVE-2015-5953", "CVE-2015-6500", "CVE-2015-5954"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703373", "id": "OPENVAS:703373", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3373.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3373-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703373);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-4716\", \"CVE-2015-4717\", \"CVE-2015-4718\", \"CVE-2015-5953\",\n \"CVE-2015-5954\", \"CVE-2015-6500\", \"CVE-2015-6670\", \"CVE-2015-7699\");\n script_name(\"Debian Security Advisory DSA 3373-1 (owncloud - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-10-18 00:00:00 +0200 (Sun, 18 Oct 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3373.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"owncloud on Debian Linux\");\n script_tag(name: \"insight\", value: \"ownCloud gives you universal access to\nyour files through a web interface or WebDAV. It also provides a platform to easily\nview & sync your contacts, calendars and bookmarks across all your devices and\nenables basic editing right on the web.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 7.0.4+dfsg-4~deb8u3.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 7.0.10~dfsg-2 or earlier versions.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.10~dfsg-2 or earlier versions.\n\nWe recommend that you upgrade your owncloud packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were discovered\nin ownCloud, a cloud storage web service for files, music, contacts, calendars and\nmany more. These flaws may lead to the execution of arbitrary code, authorization\nbypass, information disclosure, cross-site scripting or denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"owncloud\", ver:\"7.0.4+dfsg-4~deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:02", "references": ["http://www.debian.org/security/2015/dsa-3373.html"], "pluginID": "1361412562310703373", "description": "Multiple vulnerabilities were discovered\nin ownCloud, a cloud storage web service for files, music, contacts, calendars and\nmany more. These flaws may lead to the execution of arbitrary code, authorization\nbypass, information disclosure, cross-site scripting or denial of service.", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-10-18T00:00:00", "title": "Debian Security Advisory DSA 3373-1 (owncloud - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4717", "CVE-2015-4718", "CVE-2015-4716", "CVE-2015-7699", "CVE-2015-6670", "CVE-2015-5953", "CVE-2015-6500", "CVE-2015-5954"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703373", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703373", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3373.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3373-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703373\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-4716\", \"CVE-2015-4717\", \"CVE-2015-4718\", \"CVE-2015-5953\",\n \"CVE-2015-5954\", \"CVE-2015-6500\", \"CVE-2015-6670\", \"CVE-2015-7699\");\n script_name(\"Debian Security Advisory DSA 3373-1 (owncloud - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-10-18 00:00:00 +0200 (Sun, 18 Oct 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3373.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"owncloud on Debian Linux\");\n script_tag(name: \"insight\", value: \"ownCloud gives you universal access to\nyour files through a web interface or WebDAV. It also provides a platform to easily\nview & sync your contacts, calendars and bookmarks across all your devices and\nenables basic editing right on the web.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 7.0.4+dfsg-4~deb8u3.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 7.0.10~dfsg-2 or earlier versions.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.10~dfsg-2 or earlier versions.\n\nWe recommend that you upgrade your owncloud packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were discovered\nin ownCloud, a cloud storage web service for files, music, contacts, calendars and\nmany more. These flaws may lead to the execution of arbitrary code, authorization\nbypass, information disclosure, cross-site scripting or denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"owncloud\", ver:\"7.0.4+dfsg-4~deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:11:02", "references": [], "description": "\r\n\r\n-------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3373-1 security@debian.org\r\nhttps://www.debian.org/security/ Salvatore Bonaccorso\r\nOctober 18, 2015 https://www.debian.org/security/faq\r\n-------------------------------------------------------------------------\r\n\r\nPackage : owncloud\r\nCVE ID : CVE-2015-4716 CVE-2015-4717 CVE-2015-4718 CVE-2015-5953\r\n CVE-2015-5954 CVE-2015-6500 CVE-2015-6670 CVE-2015-7699\r\nDebian Bug : 800126\r\n\r\nMultiple vulnerabilities were discovered in ownCloud, a cloud storage\r\nweb service for files, music, contacts, calendars and many more. These\r\nflaws may lead to the execution of arbitrary code, authorization bypass,\r\ninformation disclosure, cross-site scripting or denial of service.\r\n\r\nFor the stable distribution (jessie), these problems have been fixed in\r\nversion 7.0.4+dfsg-4~deb8u3.\r\n\r\nFor the testing distribution (stretch), these problems have been fixed\r\nin version 7.0.10~dfsg-2 or earlier versions.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 7.0.10~dfsg-2 or earlier versions.\r\n\r\nWe recommend that you upgrade your owncloud packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-10-25T00:00:00", "title": "[SECURITY] [DSA 3373-1] owncloud security update", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:11:02", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-4717", "CVE-2015-4718", "CVE-2015-4716", "CVE-2015-7699", "CVE-2015-6670", "CVE-2015-5953", "CVE-2015-6500", "CVE-2015-5954"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:DOC:32580", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32580", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32580"], "description": "Code execution, authentication bypass, information disclosure, crossite scripting, DoS.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-10-25T00:00:00", "title": "owncloud multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "owncloud", "version": "7.0", "operator": "eq"}], "cvelist": ["CVE-2015-4717", "CVE-2015-4718", "CVE-2015-4716", "CVE-2015-7699", "CVE-2015-6670", "CVE-2015-5953", "CVE-2015-6500", "CVE-2015-5954"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:VULN:14743", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14743", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2016-09-02T18:27:55", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "7.0.4+dfsg-4~deb8u3", "arch": "all", "packageFilename": "owncloud_7.0.4+dfsg-4~deb8u3_all.deb", "packageName": "owncloud", "operator": "lt"}], "description": "Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more. These flaws may lead to the execution of arbitrary code, authorization bypass, information disclosure, cross-site scripting or denial of service.\n\nFor the stable distribution (jessie), these problems have been fixed in version 7.0.4+dfsg-4~deb8u3.\n\nFor the testing distribution (stretch), these problems have been fixed in version 7.0.10~dfsg-2 or earlier versions.\n\nFor the unstable distribution (sid), these problems have been fixed in version 7.0.10~dfsg-2 or earlier versions.\n\nWe recommend that you upgrade your owncloud packages.", "edition": 1, "reporter": "Debian", "published": "2015-10-18T00:00:00", "title": "owncloud -- security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4717", "CVE-2015-4718", "CVE-2015-4716", "CVE-2015-7699", "CVE-2015-6670", "CVE-2015-5953", "CVE-2015-6500", "CVE-2015-5954"], "modified": "2015-10-18T00:00:00", "id": "DSA-3373", "href": "http://www.debian.org/security/dsa-3373", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:45:35", "references": ["http://www.debian.org/security/2015/dsa-3373", "https://packages.debian.org/source/jessie/owncloud", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800126"], "pluginID": "86430", "description": "Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more. These flaws may lead to the execution of arbitrary code, authorization bypass, information disclosure, cross-site scripting or denial of service.", "edition": 4, "reporter": "Tenable", "published": "2015-10-19T00:00:00", "title": "Debian DSA-3373-1 : owncloud - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4717", "CVE-2015-4718", "CVE-2015-4716", "CVE-2015-7699", "CVE-2015-6670", "CVE-2015-5953", "CVE-2015-6500", "CVE-2015-5954"], "modified": "2015-10-23T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:owncloud"], "id": "DEBIAN_DSA-3373.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86430", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3373. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86430);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/10/23 13:44:41 $\");\n\n script_cve_id(\"CVE-2015-4716\", \"CVE-2015-4717\", \"CVE-2015-4718\", \"CVE-2015-5953\", \"CVE-2015-5954\", \"CVE-2015-6500\", \"CVE-2015-6670\", \"CVE-2015-7699\");\n script_xref(name:\"DSA\", value:\"3373\");\n\n script_name(english:\"Debian DSA-3373-1 : owncloud - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in ownCloud, a cloud storage\nweb service for files, music, contacts, calendars and many more. These\nflaws may lead to the execution of arbitrary code, authorization\nbypass, information disclosure, cross-site scripting or denial of\nservice.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/owncloud\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3373\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the owncloud packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 7.0.4+dfsg-4~deb8u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:owncloud\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"owncloud\", reference:\"7.0.4+dfsg-4~deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
