Resource Exthaustion when sanitizing filenames
Platform: ownCloud Server
Versions: 6.0.8, 7.0.6, 8.0.4,
Date: 6/24/2015
Risk level: Medium
CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: Uncontrolled Resource Consumption (‘Resource Exhaustion’) (CWE-400)
Description
The sanitization component for filenames was vulnerable to DoS when parsing specially crafted file names passed via specific endpoints.
Effectively this lead to a endless loop filling the log file until the system is not anymore responsive.
Affected Software
- ownCloud Server < 6.0.8 (CVE-2015-4717)
- ownCloud Server < 7.0.6 (CVE-2015-4717)
- ownCloud Server < 8.0.4 (CVE-2015-4717)
Action Taken
This was caused by the PHP behaviour of allowing to cast $_GET
values to an array. The critical usages have been fixed in all affected versions and with ownCloud 8.1 the usages of $_GET
in the whole code base has been reviewed.
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Emiel Florijn – Vulnerability discovery and disclosure.