ownCloud Multiple Vulnerabilities

by Carol~ Moderator - 4/4/13 12:11 PM

In Reply to: VULNERABILITIES / FIXES - April 04, 2013 by Carol~ Moderator

Release Date : 2013-04-04

Criticality level : Less critical
Impact : Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status: Vendor Patch

Software: ownCloud 5.x

Description:
Some vulnerabilities have been reported in ownCloud, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.

1) Input passed via the "new_name" POST parameter to /apps/bookmarks/ajax/renameTag.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site if malicious data is viewed.

Successful exploitation of this vulnerability requires the "bookmark" application to be enabled (enabled by default).

2) Certain unspecified input passed to some files in apps/contacts/ajax/ is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site if malicious data is viewed.

Successful exploitation of this vulnerability requires the "calendar" application to be enabled (enabled by default).

3) Certain unspecified input passed to addressbookprovider.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability requires the "contacts" application to be enabled (enabled by default).

The vulnerabilities are reported in versions prior to 5.0.1.

Solution:
Update to version 5.0.3.

Provided and/or discovered by:
The vendor credits:
1,2) Dylan Irzi
3) Alexander Buerger

Original Advisory:
http://owncloud.org/about/security/advisories/oC-SA-2013-011/
http://owncloud.org/about/security/advisories/oC-SA-2013-012/

http://secunia.com/advisories/52833/
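Added example (not from the advisory, the forum post, or ownCloud's code base): a constructed tag-rename handler that shows the two bug classes the advisory describes, a "new_name"-style value that is interpolated into an UPDATE statement (SQL injection, the "manipulation of data" impact) and a stored name echoed into HTML unescaped (stored XSS), each beside its fixed form. The table, column and function names are assumptions for illustration only; the payload strings are constructed test input and say nothing about how the real renameTag.php or addressbookprovider.php were written.

```python
import html
import sqlite3

# Constructed payloads standing in for a hostile "new_name" POST value (assumed, not from the advisory).
XSS_PAYLOAD = '<img src=x onerror="alert(document.cookie)">'
SQLI_PAYLOAD = "x' OR '1'='1"


def make_db():
    """In-memory stand-in for a bookmarks app's tag table (constructed for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tags (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO tags (name) VALUES (?)", [("work",), ("private",)])
    conn.commit()
    return conn


def tag_names(conn):
    return [row[0] for row in conn.execute("SELECT name FROM tags ORDER BY id")]


def rename_tag_unsafe(conn, old_name, new_name):
    """Builds the UPDATE by string formatting, so attacker text becomes part of the SQL."""
    sql = "UPDATE tags SET name = '%s' WHERE name = '%s'" % (new_name, old_name)
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def rename_tag_safe(conn, old_name, new_name):
    """Same operation with bound parameters: the values can never change the query's shape."""
    cur = conn.execute("UPDATE tags SET name = ? WHERE name = ?", (new_name, old_name))
    conn.commit()
    return cur.rowcount


def render_tags_unsafe(names):
    """Echoes stored names straight into markup; a stored payload then runs in every viewer's browser."""
    return "<ul>" + "".join("<li>%s</li>" % n for n in names) + "</ul>"


def render_tags_safe(names):
    """HTML-escapes each name (quotes included) before it is placed in the markup."""
    return "<ul>" + "".join("<li>%s</li>" % html.escape(n, quote=True) for n in names) + "</ul>"


def demo():
    """Runs both bug classes against the constructed table and returns what each path produced."""
    conn = make_db()
    # SQL injection: the WHERE clause collapses to always-true, so every tag gets renamed.
    unsafe_rows = rename_tag_unsafe(conn, SQLI_PAYLOAD, "pwned")
    unsafe_names = tag_names(conn)

    conn = make_db()
    # Same input through bound parameters: no tag is literally named x' OR '1'='1, so nothing changes.
    safe_rows = rename_tag_safe(conn, SQLI_PAYLOAD, "pwned")
    safe_names = tag_names(conn)

    # Stored XSS: store a script-bearing tag name (the write itself is fine), then render it both ways.
    conn = make_db()
    rename_tag_safe(conn, "work", XSS_PAYLOAD)
    names = tag_names(conn)
    return {
        "unsafe_rows": unsafe_rows, "unsafe_names": unsafe_names,
        "safe_rows": safe_rows, "safe_names": safe_names,
        "html_unsafe": render_tags_unsafe(names),
        "html_safe": render_tags_safe(names),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```

The two fixes are independent: binding parameters stops the rename from touching rows other than the one named, but does nothing about the stored payload, which only becomes harmless when every page that prints a tag name escapes it at output time.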