Lucene search
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.OWNCLOUD:CD54D16593C488F3DEDAFBA9B5D83784HistorySep 30, 2015 - 6:53 p.m.
Command injection when using external SMB storage - ownCloud
2015-09-3018:53:46
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.
owncloud.org
34
EPSS
0.005
Percentile
76.1%
The external legacy SMB storage (not using php-libsmbclient) of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands.
Effectively this allows an attacker to gain access to any file on the system or overwrite it, potentially leading to a PHP code execution.
Affected Software
- ownCloud Server < 8.1.2 (CVE-2015-7698)
Action Taken
The vulnerable library is now properly handling potentially dangerous characters.
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke - ownCloud Inc. ([email protected]) - Vulnerability discovery and disclosure.
Related
prion
prion
Command injection
2015-10-21 18:59:00
cvelist
cvelist
CVE-2015-7698
2015-10-21 18:00:00
nvd
nvd
CVE-2015-7698
2015-10-21 18:59:06
ubuntucve
ubuntucve
CVE-2015-7698
2015-10-21 00:00:00
openvas
openvas
ownCloud <= 8.1.1 RCE Vulnerability (oC-SA-2015-017)
2021-09-21 00:00:00
owncloud
owncloud
Server: Command injection when using external SMB storage
2015-09-30 16:53:51
cve
cve
CVE-2015-7698
2015-10-21 18:59:06