Date: Sun, 13 Nov 2011 18:19:21 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: jmm@...ian.org
Subject: Re: Fwd: DSA 2338-1 moodle security update

Ok so for the sake of completeness the following is all Moodle Security Advisories from 2011 so far. One has a CVE assigned (rather, moodle repackages phpMyAdmin which has a CVE assigned), several are security hardening fixes (so no CVE) and several require admin access (so they don't cross a security boundary, so no CVE). Notes are included.

I also found CVE-2011-3757, I'm unable to confirm this issue (I just get a 500 internal server error) but http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=2c28fa7643b168006883a81a2421012d357a22d6 would indicate it's been fixed.

P.S. could someone from moodle maybe request CVE's when they assign a security advisory (just forward a copy of the MSA to the OSS list would do the trick), barring that if a community member could take it upon themselves that would be nice (then CVE's can be assigned promptly).

=====================

MSA-11-0001: ALREADY ASSIGNED CVE-2011-0987 Customised phpMyAdmin upgraded to 220.127.116.11 and 18.104.22.168
MSA-11-0002: CVE-2011-4133 Cross-site request forgery vulnerability in RSS block
MSA-11-0003: CVE-2011-4278 Cross-site scripting vulnerability in tag autocomplete
MSA-11-0004: CVE-2011-4279 $CFG->forceloginforprofiles setting ignored in course profiles
MSA-11-0005: CVE-2011-4280 Cross-site scripting vulnerability in spikephpcoverage
MSA-11-0006: CVE-2011-4281 Cross-site request forgery and missing access control in course completion
MSA-11-0007: CVE-2011-4282 Cross-site scripting vulnerability in course tags
MSA-11-0008: CVE-2011-4283 IMS enterprise enrolment file may disclose sensitive information
MSA-11-0009: CVE-2011-4284 My profile block may disclose private information if used in user context
MSA-11-0010: CVE-2011-4285 Incorrect default for mod:course/delete capability in teacher role
MSA-11-0011: CVE-2011-4286 Multiple cross-site scripting problems in media filter
MSA-11-0012: CVE-2011-4287 Authentication issue
MSA-11-0013: CVE-2011-4288 Group/Quiz permissions issue
MSA-11-0014: CVE-2011-4289 Personal details displayed without permission
MSA-11-0015: CVE-2011-4290 Cross Site Scripting through URL encoding
MSA-11-0016: CVE-2011-4291 Ability to fill a database with invalid records through ratings
MSA-11-0017: CVE-2011-4292 Ability to generate invalid records in the comments table in the database
MSA-11-0018: NO CVE Lacking capability controls over cohorts (hardening)
MSA-11-0019: CVE-2011-4293 Themes writing to files outside Moodle data directory
MSA-11-0020: CVE-2011-4294 Continue links in error messages can lead offsite
MSA-11-0021: CVE-2011-4295 Role assignment web service function not following restrictions
MSA-11-0022: CVE-2011-4296 Course creators could change filters at course level
MSA-11-0023: CVE-2011-4297 Guests can add comments to front page activities
MSA-11-0024: NO CVE Recaptcha images were being authenticated from an older server (hardening)
MSA-11-0025: NO CVE Group names in user upload CSV not being escaped (need to be admin)
MSA-11-0026: NO CVE Fields in user upload CSV not being escaped (need to be admin)
MSA-11-0027: CVE-2011-4298 Wiki pages reference forgery issue
MSA-11-0028: CVE-2011-4299 Wiki comments cross site scripting issue
MSA-11-0029: CVE-2011-4300 File visibility issue
MSA-11-0030: NO CVE Box.net repository integration authentication issue (hardening)
MSA-11-0031: CVE-2011-4301 Forms API constant issue
MSA-11-0032: CVE-2011-4302 MNET SSL validation issue
MSA-11-0033: CVE-2011-4303 Site-hub registration identity issue
MSA-11-0034: CVE-2011-4304 Chat module information leak
MSA-11-0035: NO CVE Cookie-less session vulnerability (hardening)
MSA-11-0036: CVE-2011-4305 Messaging refresh vulnerability
MSA-11-0037: CVE-2011-4306 Course section editing injection vulnerability
MSA-11-0038: NO CVE Database injection protection strengthened (hardening)
MSA-11-0039: CVE-2011-4307 Wiki section vulnerability
MSA-11-0040: CVE-2011-4308 Potential personal information leak
MSA-11-0041: CVE-2011-4309 Global search authentication issue

--
Kurt Seifried / Red Hat Security Response Team