Message-ID: <CAD1Nwhg9ZghcvW8Uehcge-PMdk8jg-O5EFoeKgmB-pERiRGJAA@mail.gmail.com>
Date: Wed, 3 Apr 2013 19:23:40 +0200
From: Lukas Reschke <lukas@...cloud.org>
To: oss-security@...ts.openwall.com
Cc: "security@...cloud.com" <security@...cloud.com>
Subject: ownCloud Security Advisories (2013-011, 2013-012)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To avoid confusion: the download links point to 5.0.3, since it was released just one day after 5.0.1 (and 5.0.2) because of two nasty upgrade bugs. These bugs only affect the 5.0 branch.

--------------------

# Multiple XSS vulnerabilities (oC-SA-2013-011)

Web: http://owncloud.org/about/security/advisories/oC-SA-2013-011/

## CVE IDENTIFIERS

- CVE-2013-1890

## AFFECTED SOFTWARE

- ownCloud Server < 5.0.1

## DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.0 allow remote attackers to inject arbitrary web script or HTML via

- the "new_name" POST parameter to renameTag.php in /apps/bookmarks/ajax/
  - Commits: 1c63eb1 (stable5)
  - Risk: Medium
  - Note: Successful exploitation of this stored XSS requires the "bookmark" app to be enabled (enabled by default).
- multiple unspecified parameters to several files in apps/contacts/ajax/
  - Commits: ae9e5a4 (stable5)
  - Risk: Medium
  - Note: Successful exploitation of this stored XSS requires the "calendar" app to be enabled (enabled by default).

## Credits

The ownCloud Team would like to thank Dylan Irzi (http://websecuritydev.com/) for discovering these vulnerabilities.
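The stored XSS described above follows the usual pattern: a value supplied through a POST parameter is persisted and later interpolated into HTML without encoding. The following PHP is an added illustration written for this page, not ownCloud's code and not the fix in commit 1c63eb1; it models a hypothetical tag-rename handler (function and variable names are assumptions) and contrasts unencoded rendering with output encoding via `htmlspecialchars`, plus an input-side check on the submitted name.

```php
<?php
// Added example (not ownCloud code): models a tag-rename AJAX endpoint in the
// spirit of apps/bookmarks/ajax/renameTag.php. Function and variable names
// are hypothetical. A stored XSS of this kind arises when the "new_name"
// value is persisted and later interpolated into HTML without encoding.
declare(strict_types=1);

// Vulnerable rendering: the stored tag name is concatenated raw into markup,
// so any HTML it contains is parsed by the browser.
function renderTagVulnerable(string $tagName): string
{
    return '<li class="tag">' . $tagName . '</li>';
}

// Hardened rendering: encode for the HTML context at the point of output.
// ENT_QUOTES also encodes quotes, so the same helper is safe inside
// double-quoted attribute values; the charset is stated explicitly.
function renderTagSafe(string $tagName): string
{
    return '<li class="tag">'
        . htmlspecialchars($tagName, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</li>';
}

// Input-side check for the rename handler: reject missing, empty, overlong
// or control-character names before storing them. This limits what gets
// persisted but is not a substitute for output encoding.
function validateNewName(?string $newName): ?string
{
    if ($newName === null) {
        return null;
    }
    $newName = trim($newName);
    if ($newName === '' || strlen($newName) > 255) {
        return null;
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $newName) === 1) {
        return null;
    }
    return $newName;
}

// Constructed sample request body standing in for $_POST.
$samplePost = ['new_name' => '<script>alert(1)</script>'];

$name = validateNewName($samplePost['new_name'] ?? null);
if ($name === null) {
    echo "400 Bad Request: invalid tag name\n";
    exit;
}

echo renderTagVulnerable($name), "\n"; // script element reaches the browser
echo renderTagSafe($name), "\n";       // rendered as literal text, not markup
```

Run with `php example.php`: the first line echoes the `<script>` element verbatim, the second prints it as `&lt;script&gt;...`, which a browser displays as text. Encoding at output time, per context, is the control that removes the vulnerability; input validation only narrows what is stored.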
## RESOLUTION

Update to ownCloud Server 5.0.3: http://download.owncloud.org/community/owncloud-5.0.3.tar.bz2

--------------------

# contacts: SQL Injection (oC-SA-2013-012)

Web: http://owncloud.org/about/security/advisories/oC-SA-2013-012/

## CVE IDENTIFIERS

- CVE-2013-1893

## AFFECTED SOFTWARE

- ownCloud Server < 5.0.1

## RISK

- Critical

## Commits

- stable5: c1b62af

## DESCRIPTION

ownCloud before 5.0.1 does not neutralize special elements that are passed to the SQL query in addressbookprovider.php, which allows an authenticated attacker to execute arbitrary SQL commands.

Note: Successful exploitation of this vulnerability requires the "contacts" application to be enabled (enabled by default).

## Credits

The ownCloud Team would like to thank Alexander Bürger for discovering this vulnerability.

## RESOLUTION

Update to ownCloud Server 5.0.3: http://download.owncloud.org/community/owncloud-5.0.3.tar.bz2

-- 
ownCloud
Your Cloud, Your Data, Your Way!
GPG: 0xEB32B77BA406BE99

-----BEGIN PGP SIGNATURE-----

wsFcBAEBAgAQBQJRXGWNCRDrMrd7pAa+mQAAiGsP/29XRSM1Feazdcb3SZrb
S45G7hMOCGbM/WTHVO4gQKsH/UJdjdURDq+jF5LPrHtFdpzZvNlJq392va7y
Reo2d/OJOfPhKmagktq1S+RXRCM49tEARYZryXoHtVJ24spUjyFoje+AYdio
DUjA7K94zxgNx+oI8E+wps2HHjasRLkVUHvK19SFpJJmS0Uo+1pKNRDKD1oj
CQrt0lChORp6xJrCh70yp1fB3HTYfysE5K6h/9nTvsEwAcoPHxC3PKUvovAe
uHMPaUO0ClDQzHlApue9XHsTV0b/zlRtSVlb7+DwwIOGVcxWt2vIxWXerA54
/shDxAB1h/eORjkbtMyrpyd0kN7ZxUHBhWIxWgSJOLNHFf2ECbDtuvU/SMsU
ojGBCRbptOgx7xAvtIULFdtTuJ2xDC4ERowWST7UVQ4q8DA3ygP4NvQd8f46
yObXDATM5l6ldeXXONQ6+MIQBDsCn+E6gJUk0ek/aCwiClZ44oZSFfD7+UiI
2c5/RRhjk1CtsYdr+LExm42vSfHsaH23MFYw5oFmz1NLHYUNmcrTB2gJFOj3
Fr5dcJ+QqVjQsDf6ewP1JwnF4SelRX3qGOcubrixw4clQKoCSrvCcEu9d1sF
olOlMFbg7uVfbDKrzOsE8pujel2fZ5In35fuFivSuX09V/aJuCHlkYo/y0p/
pVn6
=LD+w
-----END PGP SIGNATURE-----
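The SQL injection in oC-SA-2013-012 is described as a failure to neutralize special elements before they reach a query. The PHP below is an added example for this page, not ownCloud's addressbookprovider.php and not the change in commit c1b62af; the table, function names and data are constructed. It builds an in-memory SQLite database through PDO and places a string-concatenated query next to a prepared statement with bound parameters, which is the standard remedy, together with a type check on the identifier and scoping of the query to the authenticated user.

```php
<?php
// Added example (not ownCloud code): models an address-book lookup in which a
// user-controlled id reaches a SQL query. Table, columns, function names and
// rows are constructed for the demonstration. Requires the pdo_sqlite extension.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE addressbooks (id INTEGER PRIMARY KEY, userid TEXT, displayname TEXT)');
$db->exec("INSERT INTO addressbooks (userid, displayname) VALUES ('alice', 'Alice private'), ('bob', 'Bob private')");

// Vulnerable: the id is concatenated into the SQL text, so special elements in
// it change the query structure instead of being treated as data.
function findAddressBookVulnerable(PDO $db, string $userId, string $bookId): array
{
    $sql = "SELECT id, userid, displayname FROM addressbooks WHERE userid = '$userId' AND id = $bookId";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the id must be a non-negative integer, and both values are bound
// as parameters of a prepared statement, so the driver keeps query structure
// and data separate. The userid condition also keeps the lookup scoped to the
// authenticated user.
function findAddressBookSafe(PDO $db, string $userId, string $bookId): array
{
    if (!ctype_digit($bookId)) {
        throw new InvalidArgumentException('address book id must be a non-negative integer');
    }
    $stmt = $db->prepare('SELECT id, userid, displayname FROM addressbooks WHERE userid = :uid AND id = :id');
    $stmt->execute([':uid' => $userId, ':id' => (int) $bookId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input standing in for the request parameter: because AND binds
// tighter than OR, the concatenated WHERE clause becomes
// (userid = 'alice' AND id = 1) OR 1=1 and the per-user restriction is lost.
$crafted = '1 OR 1=1';

$rows = findAddressBookVulnerable($db, 'alice', $crafted);
echo 'vulnerable query returned ', count($rows), " rows (bob's book included)\n";

try {
    findAddressBookSafe($db, 'alice', $crafted);
} catch (InvalidArgumentException $e) {
    echo 'safe lookup rejected input: ', $e->getMessage(), "\n";
}

$rows = findAddressBookSafe($db, 'alice', '1');
echo 'safe query returned ', count($rows), " row for alice\n";
```

Running `php example.php` prints 2 rows for the concatenated query, a rejection for the prepared one, and a single row for the legitimate id. The type check is a cheap first line of defence, but the prepared statement is what makes the query safe for any value, including one that passes a weaker check.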