492786 – (CVE-2013-6403) <www-apps/owncloud-5.0.13-r1 : possible security bypass on admin page (CVE-2013-6403)

Bug 492786 (CVE-2013-6403) - <www-apps/owncloud-5.0.13-r1 : possible security bypass on admin page (CVE-2013-6403)

Summary: <www-apps/owncloud-5.0.13-r1 : possible security bypass on admin page (CVE-20...

Status:	RESOLVED FIXED

Alias:	CVE-2013-6403

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2013-11-28 11:25 UTC by Agostino Sarubbo
Modified:	2013-12-27 00:23 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2013-11-28 11:25:28 UTC

From ${URL} :

ownCloud 5.0.13 fixes a possible security issue:

""
http://owncloud.org/changelog/
SECURITY: Fix a possible security bypass on admin page under certain circumstances and MariaDB
""


@maintainer(s): since the fixed version is already in the tree, please remove the affected versions.

Comment 1 Bernard Cafarelli gentoo-dev

2013-11-28 13:31:49 UTC

I removed all 5.0.x versions < 5.0.13 that were still in tree, along with 4.5.13 (last 4.5.x version, which may be vulnerable and is not maintained upstream anymore)

Comment 2 Sergey Popov gentoo-dev

2013-11-29 08:16:54 UTC

Thanks for your work

Packages was never been in stable, thus - no GLSA

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2013-12-27 00:23:42 UTC

CVE-2013-6403 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6403):
  The admin page in ownCloud before 5.0.13 allows remote attackers to bypass
  intended access restrictions via unspecified vectors, related to MariaDB.