PatchSiren

CVE-2017-5867 ownCloud CVE debrief

CVE-2017-5867 describes a denial-of-service issue in ownCloud Server where a remote authenticated user can trigger a server hang and logfile flooding by uploading or processing a one-bit BMP file. The issue affects multiple ownCloud release lines and is addressed by vendor-fixed versions.

Vendor: ownCloud
Product: CVE-2017-5867
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-03-03
Original CVE updated: 2026-05-13
Advisory published: 2017-03-03
Advisory updated: 2026-05-13

Who should care

ownCloud administrators, security teams, and operations staff running affected Server releases should care, especially where authenticated users can upload or process image files.

Technical summary

NVD describes the flaw as CVSS 3.0 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, with CWE-400 as the weakness category. A remote authenticated attacker can cause availability impact through a one-bit BMP file, leading to server hang behavior and excessive log generation. Affected versions listed in the record include ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3.

Defensive priority

Medium-high for exposed ownCloud deployments: patch promptly if authenticated users can submit files or if availability is operationally critical.

Recommended defensive actions

  • Upgrade ownCloud Server to 8.1.11 or later, 8.2.9 or later, 9.0.7 or later, or 9.1.3 or later, as applicable.
  • Review any workflows that accept user-supplied BMP files and restrict or isolate them where possible.
  • Monitor ownCloud logs and service health for abnormal logfile growth or hang conditions.
  • Inventory deployed ownCloud versions to confirm no affected release remains in production.
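
For the inventory step, the following is an added example (not part of the original debrief and not ownCloud code) that classifies version strings against the affected ranges listed above. The host names and the sample inventory are constructed; the script assumes version strings shaped like "9.1.2" or "9.1.2.5".

```python
import re

# Fixed release per affected branch, taken from the ranges in this debrief.
FIXED = {(8, 1): (8, 1, 11), (8, 2): (8, 2, 9), (9, 0): (9, 0, 7), (9, 1): (9, 1, 3)}
OLDEST_FIXED = (8, 1, 11)  # "before 8.1.11" also covers 8.0.x and older branches


def parse_version(text):
    """Return (major, minor, patch) from '9.1.2' or '9.1.2.5' (build part ignored)."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version_text):
    """True if the version falls inside a range the CVE record lists as affected."""
    version = parse_version(version_text)
    branch = version[:2]
    if branch in FIXED:
        return version < FIXED[branch]
    # Branch not named in the record: affected only if older than 8.1.11.
    return version < OLDEST_FIXED


def audit(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown'."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = "affected" if is_affected(version_text) else "not affected"
        except ValueError:
            # Unparseable data is reported, never silently treated as safe.
            result[host] = "unknown"
    return result


# Constructed sample inventory (hypothetical host names).
SAMPLE = {
    "files-eu-1": "9.1.2.5",
    "files-eu-2": "9.1.3",
    "legacy-share": "8.0.16",
    "team-cloud": "8.2.9.1",
    "lab-box": "unknown-build",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:14} {SAMPLE[host]:14} {status}")
```

Hosts reported as "unknown" need a manual version check before they are counted as remediated.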

Evidence notes

The CVE description states that ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service via a one bit BMP file. NVD classifies the issue as CVSS 3.0 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and CWE-400, and includes a vendor advisory reference from ownCloud.

Official resources

Publicly disclosed on 2017-03-03, based on the supplied CVE publication timestamp.