cnvd - cnvd-2017-05006

CNVD-2017-05006

Vulnerability from cnvd - Published: 2017-04-21

Title

Nextcloud Server和ownCloud Server安全绕过漏洞

Description

ownCloud是德国ownCloud公司的一套免费且开源的个人云存储解决方案。Nextcloud是一套开源的自托管文件同步和共享的通信应用平台。ownCloud Server和Nextcloud Server都是其中的一个服务器版。 Nextcloud Server和ownCloud Server中存在安全绕过漏洞。攻击者可利用该漏洞获取账户的访问权限。

Severity

中

Patch Name

Nextcloud Server和ownCloud Server安全绕过漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://nextcloud.com/security/advisory/?id=nc-sa-2016-006

Reference

https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274 https://nvd.nist.gov/vuln/detail/CVE-2016-9463

Impacted products

Name
['Nextcloud Nextcloud Server <10.0.1', 'Nextcloud Nextcloud Server <9.0.54', 'OwnCloud ownCloud Server <9.0.6', 'OwnCloud ownCloud Server <9.1.2', 'OwnCloud ownCloud Server <8.2.9']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9463",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9463"
    }
  },
  "description": "ownCloud\u662f\u5fb7\u56fdownCloud\u516c\u53f8\u7684\u4e00\u5957\u514d\u8d39\u4e14\u5f00\u6e90\u7684\u4e2a\u4eba\u4e91\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\u3002Nextcloud\u662f\u4e00\u5957\u5f00\u6e90\u7684\u81ea\u6258\u7ba1\u6587\u4ef6\u540c\u6b65\u548c\u5171\u4eab\u7684\u901a\u4fe1\u5e94\u7528\u5e73\u53f0\u3002ownCloud Server\u548cNextcloud Server\u90fd\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u670d\u52a1\u5668\u7248\u3002\r\n\r\nNextcloud Server\u548cownCloud Server\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u8d26\u6237\u7684\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://nextcloud.com/security/advisory/?id=nc-sa-2016-006",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05006",
  "openTime": "2017-04-21",
  "patchDescription": "ownCloud\u662f\u5fb7\u56fdownCloud\u516c\u53f8\u7684\u4e00\u5957\u514d\u8d39\u4e14\u5f00\u6e90\u7684\u4e2a\u4eba\u4e91\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\u3002Nextcloud\u662f\u4e00\u5957\u5f00\u6e90\u7684\u81ea\u6258\u7ba1\u6587\u4ef6\u540c\u6b65\u548c\u5171\u4eab\u7684\u901a\u4fe1\u5e94\u7528\u5e73\u53f0\u3002ownCloud Server\u548cNextcloud Server\u90fd\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u670d\u52a1\u5668\u7248\u3002\r\n\r\nNextcloud Server\u548cownCloud Server\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u8d26\u6237\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Nextcloud Server\u548cownCloud Server\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Nextcloud Nextcloud Server \u003c10.0.1",
      "Nextcloud Nextcloud Server \u003c9.0.54",
      "OwnCloud ownCloud Server \u003c9.0.6",
      "OwnCloud ownCloud Server \u003c9.1.2",
      "OwnCloud ownCloud Server \u003c8.2.9"
    ]
  },
  "referenceLink": "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9463",
  "serverity": "\u4e2d",
  "submitTime": "2017-03-30",
  "title": "Nextcloud Server\u548cownCloud Server\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2016-9463 (GCVE-0-2016-9463)

Vulnerability from cvelistv5 – Published: 2017-03-28 02:46 – Updated: 2024-08-06 02:50

Summary

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.

Severity ?

No CVSS data available.

CWE

CWE-303 - Incorrect Implementation of Authentication Algorithms (CWE-303)

Assigner

hackerone

References

URL

Tags

	https://github.com/nextcloud/apps/commit/b85ace68…	x_refsource_MISC
	https://github.com/owncloud/apps/commit/16cbccfc9…	x_refsource_MISC
	https://rhinosecuritylabs.com/2016/10/operation-o…	x_refsource_MISC
	https://github.com/owncloud/apps/commit/5d47e7b52…	x_refsource_MISC
	https://github.com/owncloud/apps/commit/a0e07b7dd…	x_refsource_MISC
	https://hackerone.com/reports/148151	x_refsource_MISC
	https://github.com/nextcloud/apps/commit/decb91fd…	x_refsource_MISC
	https://owncloud.org/security/advisory/?id=oc-sa-…	x_refsource_MISC
	https://nextcloud.com/security/advisory/?id=nc-sa…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9	Affected: Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/148151"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-017"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9"
            }
          ]
        }
      ],
      "datePublic": "2017-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you\u0027re not affected by this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "Incorrect Implementation of Authentication Algorithms (CWE-303)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-28T02:57:01",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/148151"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-017"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2016-9463",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you\u0027re not affected by this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect Implementation of Authentication Algorithms (CWE-303)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274",
              "refsource": "MISC",
              "url": "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274"
            },
            {
              "name": "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791",
              "refsource": "MISC",
              "url": "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791"
            },
            {
              "name": "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/",
              "refsource": "MISC",
              "url": "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/"
            },
            {
              "name": "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732",
              "refsource": "MISC",
              "url": "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732"
            },
            {
              "name": "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3",
              "refsource": "MISC",
              "url": "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3"
            },
            {
              "name": "https://hackerone.com/reports/148151",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/148151"
            },
            {
              "name": "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087",
              "refsource": "MISC",
              "url": "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087"
            },
            {
              "name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-017",
              "refsource": "MISC",
              "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-017"
            },
            {
              "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006",
              "refsource": "MISC",
              "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2016-9463",
    "datePublished": "2017-03-28T02:46:00",
    "dateReserved": "2016-11-19T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-05006

CVE-2016-9463 (GCVE-0-2016-9463)

Tags

Sightings

Nomenclature