From a1f9673a7cd94805f1ed5ee3c046b37eb9d00535 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Thu, 25 Jun 2015 14:58:40 +0200
Subject: [PATCH] Add identifiers

---
 advisories/oc-sa-2015-005.php | 2 +-
 advisories/oc-sa-2015-006.php | 2 +-
 advisories/oc-sa-2015-007.php | 2 +-
 advisories/oc-sa-2015-008.php | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/advisories/oc-sa-2015-005.php b/advisories/oc-sa-2015-005.php
index 578e1fd5a..38dc5a2a0 100644
--- a/advisories/oc-sa-2015-005.php
+++ b/advisories/oc-sa-2015-005.php
@@ -18,7 +18,7 @@
         <p><p>A bug in the SDK used to connect ownCloud against the Dropbox server might allow the owner of "Dropbox.com" to gain access to any files on the ownCloud server if an external Dropbox storage was mounted.</p><p>This was caused by a feature of PHP (which has been turned off per default as of PHP 5.6.0) in the handling of POST values sent to the remote host. If a value was prefixed with <code>@</code> the content of the value was replaced with the file name specified after the <code>@</code>.</p><p>Effectively this might allow "dropbox.com" to read any files on the server if the following requirements are met:</p><ul><li>Server is running a PHP version below 5.6.0</li><li>An external Dropbox storage has been mounted in ownCloud</li><li>An authenticated user sends a specially crafted request to the mounted storage</li></ul><p>Per default ownCloud does not include any Dropbox mounts.</p></p>
         <h3>Affected Software</h3>
         <ul>
-            <li>ownCloud Server &lt; <strong>6.0.8</strong> (CVE assignment pending)</li><li>ownCloud Server &lt; <strong>7.0.6</strong> (CVE assignment pending)</li><li>ownCloud Server &lt; <strong>8.0.4</strong> (CVE assignment pending)</li>
+            <li>ownCloud Server &lt; <strong>6.0.8</strong> (CVE-2015-4715)</li><li>ownCloud Server &lt; <strong>7.0.6</strong> (CVE-2015-4715)</li><li>ownCloud Server &lt; <strong>8.0.4</strong> (CVE-2015-4715)</li>
         </ul>
         <h3>Action Taken</h3>
         <p><p>The ownCloud server component is now refusing to handle any files containing a <code>@</code> on the Dropbox external storage. This is no regression as handling files containing said character was not reliably possible before as well.</p><p>The upcoming ownCloud Server 8.1 will contain a new version of the used library to connect to Dropbox which handles files with <code>@</code> correctly.</p></p>
diff --git a/advisories/oc-sa-2015-006.php b/advisories/oc-sa-2015-006.php
index d027e476b..5d7f886f4 100644
--- a/advisories/oc-sa-2015-006.php
+++ b/advisories/oc-sa-2015-006.php
@@ -18,7 +18,7 @@
         <p><p>Due to an improper control of the filename for a <code>require_once()</code> statement in the routing component a limited local file inclusion vulnerability is existent in all below mentioned ownCloud versions when running on the MS Windows Platform.</p><p>Depending on the ownCloud configuration and the authentication state of a remote attacker this vulnerability may have different impact. Specifically:</p><ul><li>An unauthenticated remote attacker is able to reinstall the instance in case he is able to connect to a database or the SQLite driver is installed. This will overwrite the existing configuration and existing users will not be able to login anymore. This attack is very likely to be noticed, however an attacker is granted administrative access to the ownCloud instance. If a backup of the configuration file is accessible for the web server user the attacker might restore it after a successful exploitation to cover the attack</li><li>An unauthenticated remote attacker is able to execute arbitrary PHP code if he is able to upload files using the public upload functionality and he can guess the full path of the folder.</li><li>An authenticated remote attacker is able to execute arbitrary PHP code if the /data/ directory is below the ownCloud root. The directory can be moved using the datadirectory configuration in config/config.php.</li></ul></p>
         <h3>Affected Software</h3>
         <ul>
-            <li>ownCloud Server &lt; <strong>7.0.6</strong> (CVE assignment pending)</li><li>ownCloud Server &lt; <strong>8.0.4</strong> (CVE assignment pending)</li>
+            <li>ownCloud Server &lt; <strong>7.0.6</strong> (CVE-2015-4716)</li><li>ownCloud Server &lt; <strong>8.0.4</strong> (CVE-2015-4716)</li>
         </ul>
         <h3>Action Taken</h3>
         <p><p>The ownCloud Server component is now properly sanitizing characters to the affected routing component. Starting with ownCloud 8.1 it will not be possible anymore to run ownCloud Server on the MS Windows Platform.</p></p>
diff --git a/advisories/oc-sa-2015-007.php b/advisories/oc-sa-2015-007.php
index 92b6b62ff..45857db0d 100644
--- a/advisories/oc-sa-2015-007.php
+++ b/advisories/oc-sa-2015-007.php
@@ -18,7 +18,7 @@
         <p><p>The sanitization component for filenames was vulnerable to DoS when parsing specially crafted file names passed via specific endpoints.</p><p>Effectively this lead to a endless loop filling the log file until the system is not anymore responsive.</p></p>
         <h3>Affected Software</h3>
         <ul>
-            <li>ownCloud Server &lt; <strong>6.0.8</strong> (CVE assignment pending)</li><li>ownCloud Server &lt; <strong>7.0.6</strong> (CVE assignment pending)</li><li>ownCloud Server &lt; <strong>8.0.4</strong> (CVE assignment pending)</li>
+            <li>ownCloud Server &lt; <strong>6.0.8</strong> (CVE-2015-4717)</li><li>ownCloud Server &lt; <strong>7.0.6</strong> (CVE-2015-4717)</li><li>ownCloud Server &lt; <strong>8.0.4</strong> (CVE-2015-4717)</li>
         </ul>
         <h3>Action Taken</h3>
         <p><p>This was caused by the PHP behaviour of allowing to cast <code>$_GET</code> values to an array. The critical usages have been fixed in all affected versions and with ownCloud 8.1 the usages of <code>$_GET</code> in the whole code base has been reviewed.</p></p>
diff --git a/advisories/oc-sa-2015-008.php b/advisories/oc-sa-2015-008.php
index cfca9a883..4956ee6c1 100644
--- a/advisories/oc-sa-2015-008.php
+++ b/advisories/oc-sa-2015-008.php
@@ -18,7 +18,7 @@
         <p><p>The external SMB storage of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands.</p><p>This was caused by improperly sanitizing the ; character which is interpreted as command separator by smbclient (the used software to connect to SMB shared by ownCloud)</p><p>Effectively this allows an attacker to gain access to any file on the system or overwrite it, finally leading to a PHP code execution in the case of ownCloud’s config file.</p></p>
         <h3>Affected Software</h3>
         <ul>
-            <li>ownCloud Server &lt; <strong>6.0.8</strong> (CVE assignment pending)</li><li>ownCloud Server &lt; <strong>7.0.6</strong> (CVE assignment pending)</li><li>ownCloud Server &lt; <strong>8.0.4</strong> (CVE assignment pending)</li>
+            <li>ownCloud Server &lt; <strong>6.0.8</strong> (CVE-2015-4718)</li><li>ownCloud Server &lt; <strong>7.0.6</strong> (CVE-2015-4718)</li><li>ownCloud Server &lt; <strong>8.0.4</strong> (CVE-2015-4718)</li>
         </ul>
         <h3>Action Taken</h3>
         <p><p>Files containing a <code>;</code> are no longer processed on external SMB storages. This is no regression as handling files containing said character was not reliably possible before as well.</p><p>ownCloud 8.1 will feature a completely rewritten SMB storage with cleaner code to reduce the attack surface even more.</p></p>