Server: Command injection when using external SMB storage
2015-09-30T16:53:51
ID OC-SA-2015-017 Type owncloud Reporter ownCloud Modified 2015-09-30T16:53:51
Description
The external legacy SMB storage (not using php-libsmbclient) of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands.
Effectively this allows an attacker to gain access to any file on the system or overwrite it, potentially leading to a PHP code execution.
{"edition": 1, "lastseen": "2016-09-26T21:06:20", "viewCount": 25, "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 9.0}, "id": "OC-SA-2015-017", "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2016-09-26T21:06:20", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-7698"]}, {"type": "owncloud", "idList": ["OWNCLOUD:CD54D16593C488F3DEDAFBA9B5D83784"]}], "modified": "2016-09-26T21:06:20", "rev": 2}, "vulnersScore": 6.2}, "type": "owncloud", "description": "The external legacy SMB storage (not using php-libsmbclient) of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands.\n\nEffectively this allows an attacker to gain access to any file on the system or overwrite it, potentially leading to a PHP code execution.\n\n \n\n\n* * *\n\n**[For more information please consult the official advisory.](<https://owncloud.org/security/advisory/?id=oC-SA-2015-017>)**\n\n\nThis advisory is licensed [CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/)", "title": "Server: Command injection when using external SMB storage", "cvelist": ["CVE-2015-7698"], "published": "2015-09-30T16:53:51", "references": [], "reporter": "ownCloud", "affectedSoftware": [{"version": "8.1.2", "name": "ownCloud Server", "operator": "lt"}], "modified": "2015-09-30T16:53:51", "href": "https://owncloud.org/security/advisory/?id=oC-SA-2015-017"}
{"cve": [{"lastseen": "2021-02-02T06:21:29", "description": "icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php.", "edition": 6, "cvss3": {}, "published": "2015-10-21T18:59:00", "title": "CVE-2015-7698", "type": "cve", "cwe": ["CWE-78"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7698"], "modified": "2015-10-22T19:51:00", "cpe": ["cpe:/a:owncloud:owncloud:8.1.1", "cpe:/a:owncloud:smb:1.0.2"], "id": "CVE-2015-7698", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7698", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:owncloud:owncloud:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:smb:1.0.2:*:*:*:*:*:*:*"]}], "owncloud": [{"lastseen": "2018-01-11T22:53:27", "bulletinFamily": "software", "cvelist": ["CVE-2015-7698"], "description": "The external legacy SMB storage (not using php-libsmbclient) of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands.\n\nEffectively this allows an attacker to gain access to any file on the system or overwrite it, potentially leading to a PHP code execution.\n\n### Affected Software\n\n * ownCloud Server < **8.1.2** (CVE-2015-7698) \n * [core/8c145541f65592a4d2d7de50ecfa1b0698496cb8](<https://github.com/owncloud/core/commit/8c145541f65592a4d2d7de50ecfa1b0698496cb8>)\n\n### Action Taken\n\nThe vulnerable library is now properly handling potentially dangerous characters.\n\n### Acknowledgements\n\nThe ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:\n\n * Lukas Reschke - ownCloud Inc. (lukas@owncloud.com) - Vulnerability discovery and disclosure.\n", "edition": 1, "modified": "2018-01-03T18:54:51", "published": "2015-09-30T18:53:46", "href": "https://owncloud.org/security/advisories/command-injection-using-external-smb-storage-2/", "id": "OWNCLOUD:CD54D16593C488F3DEDAFBA9B5D83784", "type": "owncloud", "title": "Command injection when using external SMB storage - ownCloud", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
