Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0314)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.130065

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0314)

Resumen: The remote host is missing an update for the 'owncloud' package(s) announced via the MGASA-2015-0314 advisory.

Descripción: Summary:
The remote host is missing an update for the 'owncloud' package(s) announced via the MGASA-2015-0314 advisory.

Vulnerability Insight:
In ownCloud before 6.0.8 and 8.0.4, a bug in the SDK used to connect
ownCloud against the Dropbox server might allow the owner of 'Dropbox.com'
to gain access to any files on the ownCloud server if an external Dropbox
storage was mounted (CVE-2015-4715).

In ownCloud before 6.0.8 and 8.0.4, the sanitization component for
filenames was vulnerable to DoS when parsing specially crafted file names
passed via specific endpoints. Effectively this lead to a endless loop
filling the log file until the system is not anymore responsive
(CVE-2015-4717).

In ownCloud before 6.0.8 and 8.0.4, the external SMB storage of ownCloud
was not properly neutralizing all special elements which allows an
adversary to execute arbitrary SMB commands. This was caused by improperly
sanitizing the ',' character which is interpreted as command separator by
smbclient (the used software to connect to SMB shared by ownCloud).
Effectively this allows an attacker to gain access to any file on the
system or overwrite it, finally leading to a PHP code execution in the
case of ownCloud's config file (CVE-2015-4718).

Affected Software/OS:
'owncloud' package(s) on Mageia 4, Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-4715
http://www.securityfocus.com/bid/76158
https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a
https://owncloud.org/security/advisory/?id=oc-sa-2015-005
Common Vulnerability Exposure (CVE) ID: CVE-2015-4717
BugTraq ID: 76161
http://www.securityfocus.com/bid/76161
Debian Security Information: DSA-3373 (Google Search)
http://www.debian.org/security/2015/dsa-3373
Common Vulnerability Exposure (CVE) ID: CVE-2015-4718
BugTraq ID: 76162
http://www.securityfocus.com/bid/76162

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.130065
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0314)
Resumen:	The remote host is missing an update for the 'owncloud' package(s) announced via the MGASA-2015-0314 advisory.
Descripción:	Summary: The remote host is missing an update for the 'owncloud' package(s) announced via the MGASA-2015-0314 advisory. Vulnerability Insight: In ownCloud before 6.0.8 and 8.0.4, a bug in the SDK used to connect ownCloud against the Dropbox server might allow the owner of 'Dropbox.com' to gain access to any files on the ownCloud server if an external Dropbox storage was mounted (CVE-2015-4715). In ownCloud before 6.0.8 and 8.0.4, the sanitization component for filenames was vulnerable to DoS when parsing specially crafted file names passed via specific endpoints. Effectively this lead to a endless loop filling the log file until the system is not anymore responsive (CVE-2015-4717). In ownCloud before 6.0.8 and 8.0.4, the external SMB storage of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands. This was caused by improperly sanitizing the ',' character which is interpreted as command separator by smbclient (the used software to connect to SMB shared by ownCloud). Effectively this allows an attacker to gain access to any file on the system or overwrite it, finally leading to a PHP code execution in the case of ownCloud's config file (CVE-2015-4718). Affected Software/OS: 'owncloud' package(s) on Mageia 4, Mageia 5. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4715 http://www.securityfocus.com/bid/76158 https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a https://owncloud.org/security/advisory/?id=oc-sa-2015-005 Common Vulnerability Exposure (CVE) ID: CVE-2015-4717 BugTraq ID: 76161 http://www.securityfocus.com/bid/76161 Debian Security Information: DSA-3373 (Google Search) http://www.debian.org/security/2015/dsa-3373 Common Vulnerability Exposure (CVE) ID: CVE-2015-4718 BugTraq ID: 76162 http://www.securityfocus.com/bid/76162
Copyright	Copyright (C) 2015 Greenbone AG