SB2020081034 - Multiple vulnerabilities in Nextcloud Desktop Client

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Code Injection (CVE-ID: CVE-2020-8224)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing OpenSSL configuration file. A remote user can upload a malicious OpenSSL config file into a fixed directory and execute arbitrary code on the system.

2) Protection mechanism failure (CVE-ID: CVE-2020-8230)

The vulnerability allows an attacker to leverage absence of security measures.

The vulnerability exists due to application does not implement ASLR and DEP protection mechanisms. A remote attacker can leverage from absence of such feature to facilitate exploitation of other vulnerabilities in the application.

3) Memory leak (CVE-ID: CVE-2020-8229)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the OCUtil.dll library used by Nextcloud Desktop Client. A local user can perform a denial of service attack.

4) Cleartext storage of sensitive information (CVE-ID: CVE-2020-8225)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores in clear text information about used proxies and their authentication credentials. A local user can read the log files and gain access to sensitive information.

Remediation

Install update from vendor's website.

References

• https://hackerone.com/reports/622170
• https://nextcloud.com/security/advisory/?id=NC-SA-2020-030
• https://security.gentoo.org/glsa/202009-09
• https://hackerone.com/reports/380102
• https://nextcloud.com/security/advisory/?id=NC-SA-2020-035
• https://hackerone.com/reports/588562
• https://nextcloud.com/security/advisory/?id=NC-SA-2020-034
• https://hackerone.com/reports/685990
• https://nextcloud.com/security/advisory/?id=NC-SA-2020-031