PROBLEM:
ownCloud Cross-Site Scripting and File Upload Vulnerabilities
PLATFORM:
ownCloud 4.5.2, 4.5.1, 4.0.9
ABSTRACT:
Multiple vulnerabilities have been reported in ownCloud
REFERENCE LINKS:
ownCloud Server Advisories
Secunia Advisory SA51357
IMPACT ASSESSMENT:
Medium
DISCUSSION:
1) Input passed via the filename to apps/files_versions/js/versions.js and apps/files/js/filelist.js and event title to 3rdparty/fullcalendar/js/fullcalendar.js is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
This vulnerability is reported in version 4.5.0 and versions prior to 4.0.9.
2) Certain unspecified input passed to apps/user_webdavauth/settings.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) An error due to the lib/migrate.php script not properly verifying uploaded files can be exploited to execute arbitrary PHP code by uploading a malicious mount.php file within a ZIP file.
Vulnerabilities #2 and #3 are reported in versions prior to 4.5.2.
4) An error due to the lib/filesystem.php script not properly verifying uploaded files can be exploited to execute arbitrary PHP code by uploading a malicious PHP file with a specially crafted filename.
This vulnerability is reported in versions prior to 4.5.2 and 4.0.9.
IMPACT:
Multiple vulnerabilities reported can be exploited by malicious users to compromise a vulnerable system and malicious people to conduct cross-site scripting attacks.
SOLUTION:
Update to version 7.7.3 : Update and Upgrade