Resource Exthaustion when sanitizing filenames
Platform: ownCloud Server
Versions: 6.0.8, 7.0.6, 8.0.4,
Risk level: Medium
CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
The sanitization component for filenames was vulnerable to DoS when parsing specially crafted file names passed via specific endpoints.
Effectively this lead to a endless loop filling the log file until the system is not anymore responsive.
- ownCloud Server < 6.0.8 (CVE-2015-4717)
- ownCloud Server < 7.0.6 (CVE-2015-4717)
- ownCloud Server < 8.0.4 (CVE-2015-4717)
This was caused by the PHP behaviour of allowing to cast
$_GET values to an array. The critical usages have been fixed in all affected versions and with ownCloud 8.1 the usages of
$_GET in the whole code base has been reviewed.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Emiel Florijn – Vulnerability discovery and disclosure.