You are here

V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities

November 26, 2012 - 2:00am

Addthis

PROBLEM:

ownCloud Cross-Site Scripting and File Upload Vulnerabilities

PLATFORM:

ownCloud 4.5.2, 4.5.1, 4.0.9

ABSTRACT:

Multiple vulnerabilities have been reported in ownCloud

REFERENCE LINKS:

ownCloud Server Advisories
Secunia Advisory SA51357

IMPACT ASSESSMENT:

Medium

DISCUSSION:

1) Input passed via the filename to apps/files_versions/js/versions.js and apps/files/js/filelist.js and event title to 3rdparty/fullcalendar/js/fullcalendar.js is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

This vulnerability is reported in version 4.5.0 and versions prior to 4.0.9.

2) Certain unspecified input passed to apps/user_webdavauth/settings.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) An error due to the lib/migrate.php script not properly verifying uploaded files can be exploited to execute arbitrary PHP code by uploading a malicious mount.php file within a ZIP file.

Vulnerabilities #2 and #3 are reported in versions prior to 4.5.2.

4) An error due to the lib/filesystem.php script not properly verifying uploaded files can be exploited to execute arbitrary PHP code by uploading a malicious PHP file with a specially crafted filename.

This vulnerability is reported in versions prior to 4.5.2 and 4.0.9.

IMPACT:

Multiple vulnerabilities reported can be exploited by malicious users to compromise a vulnerable system and malicious people to conduct cross-site scripting attacks.

SOLUTION:

Update to version 7.7.3 : Update and Upgrade

Addthis