MGASA-2015-0314

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0314.html

Import Source

https://advisories.mageia.org/MGASA-2015-0314.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0314

Upstream

CVE-2015-4715

CVE-2015-4717

CVE-2015-4718

Published

2015-08-13T20:56:40Z

Modified

2026-04-16T06:26:05.984206449Z

Summary

Updated owncloud package fixes security vulnerabilities

Details

In ownCloud before 6.0.8 and 8.0.4, a bug in the SDK used to connect ownCloud against the Dropbox server might allow the owner of "Dropbox.com" to gain access to any files on the ownCloud server if an external Dropbox storage was mounted (CVE-2015-4715).

In ownCloud before 6.0.8 and 8.0.4, the sanitization component for filenames was vulnerable to DoS when parsing specially crafted file names passed via specific endpoints. Effectively this lead to a endless loop filling the log file until the system is not anymore responsive (CVE-2015-4717).

In ownCloud before 6.0.8 and 8.0.4, the external SMB storage of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands. This was caused by improperly sanitizing the ";" character which is interpreted as command separator by smbclient (the used software to connect to SMB shared by ownCloud). Effectively this allows an attacker to gain access to any file on the system or overwrite it, finally leading to a PHP code execution in the case of ownCloud's config file (CVE-2015-4718).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / owncloud

Package

Name: owncloud
Purl: pkg:rpm/mageia/owncloud?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.9-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0314.json"

Mageia:5 / owncloud

Package

Name: owncloud
Purl: pkg:rpm/mageia/owncloud?arch=source&distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.5-1.2.mga5

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0314.json"