Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 17 Jul 2012 09:02:55 +0800
From: Michael de Raadt <michaeld@...dle.com>
To: oss-security@...ts.openwall.com
Subject: Moodle security notifications public

The following security notifications have now been made public. Thanks 
to OSS members for their cooperation.


=======================================================================
MSA-12-0039: File upload validation issue

Topic:             file_save_draft_area_files() does not validate
                    references are allowed
Severity/Risk:     Minor
Versions affected: 2.3
Reported by:       Petr Škoda
Issue no.:         MDL-33948
CVE Identifier:    CVE-2012-3387
Changes (master): 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33948
Description:
Where file shortcuts/aliases were not permitted, this was being
validated at the client, but not on the server.

=======================================================================
MSA-12-0040: Capabilities issue through caching

Topic:             lib/accesslib.php is_enrolled doesn't check
                    capabilities for cached users
Severity/Risk:     Minor
Versions affected: 2.3, 2.2 to 2.2.3+
Reported by:       Andrew Nicols
Issue no.:         MDL-33916
CVE Identifier:    CVE-2012-3388
Changes (master): 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916
Description:
Capability checks were not working properly after a user record had
been cached.

=======================================================================
MSA-12-0041: XSS issue in LTI module

Topic:             XSS vulnerabilities in /mod/lti/typessettings.php
                    (POST parameters: lti_typename, lti_toolurl)
Severity/Risk:     Serious
Versions affected: 2.3, 2.2 to 2.2.3+
Reported by:       Dan Poltawski
Issue no.:         MDL-31692
CVE Identifier:    CVE-2012-3389
Changes (master): 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31692
Description:
Parameters used by the LTI (External tool) module were not being
sufficiently cleaned.

=======================================================================
MSA-12-0042: File access issue in blocks

Topic:             Missing permissions check in pluginfile for blocks
Severity/Risk:     Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by:       Juan Leyva
Issue no.:         MDL-32155
Workaround:        Do not embed sensitive documents in HTML blocks
CVE Identifier:    CVE-2012-3390
Changes (2.2): 
http://git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d
Description:
Files embedded by a block (eg., the HTML block) were accessible after
the block had been hidden.

=======================================================================
MSA-12-0043: Early information access issue in forum

Topic:             Forum displays Q&A posts in RSS feeds before users
                    have correct access
Severity/Risk:     Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by:       Andrew Nicols
Issue no.:         MDL-32199
Workaround:        Do not provide RSS access to Q&A forums
CVE Identifier:    CVE-2012-3391
Changes (2.2): 
http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32199
Description:
Q&A forum posts should not be visible to students until they have
contributed a post, however an RSS feed from such a forum was
displaying all posts.

=======================================================================
MSA-12-0044: Capability check issue in forum subscriptions

Topic:             Add some capability checks etc to
                    mod/forum/unsubscribeall.php
Severity/Risk:     Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by:       Andrew Davis
Issue no.:         MDL-31460
CVE Identifier:    CVE-2012-3392
Changes (2.2): 
http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-31460
Description:
The capability for students to unsubscribe from forums was not being
checked properly.

=======================================================================
MSA-12-0045: Injection potential in admin for repositories

Topic:             HTML/JS Injection possible in repository names
Severity/Risk:     Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by:       Daniel Compton
Issue no.:         MDL-33808
CVE Identifier:    CVE-2012-3393
Changes (2.2): 
http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-33808
Description:
The administration setting that allowed renaming of repositories
was not being filtered.

=======================================================================
MSA-12-0046: Insecure protocol redirection in LDAP authentication

Topic:             redirect() "forgets" https
Severity/Risk:     Minor
Versions affected: 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by:       Christophe
Issue no.:         MDL-23254
CVE Identifier:    CVE-2012-3394
Changes (2.2): 
http://git.moodle.org/gw?p=moodle.git;a=commit;h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7
Description:
Users redirected during a login utilising LDAP were being redirected
from https to http protocol.

=======================================================================
MSA-12-0047: SQL injection potential in Feedback module

Topic:             Feedback module abuses data_submitted
Severity/Risk:     Serious
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by:       Dan Marsden
Issue no.:         MDL-27675
CVE Identifier:    CVE-2012-3395
Changes (2.2): 
http://git.moodle.org/gw?p=moodle.git&a=search&h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7&st=commit&s=MDL-27675
Description:
The Feedback module was accepting some form data without filtering.

=======================================================================
MSA-12-0048: Possible XSS in cohort administration

Topic:             Possible XSS vuln caused by MDL-31691 commit
Severity/Risk:     Minor
Versions affected: 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by:       Eugene
Issue no.:         MDL-34045
CVE Identifier:    CVE-2012-3396
Changes (master): 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34045
Description:
Fields used in the administration of cohorts were not being correctly
filtered.

=======================================================================
MSA-12-0049: Group restricted activity displayed to all users

Topic:             Grouping restriction settings not applied correctly
                    when Restrict Access set to greyed-out
Severity/Risk:     Minor
Versions affected: 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by:       Luke Tucker
Issue no.:         MDL-33466
CVE Identifier:    CVE-2012-3397
Changes (master): 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33466
Description:
"Restrict access" conditions were incorrectly overriding grouping
settings when displaying activities.

=======================================================================
MSA-12-0050: Potential DOS attack through database activity

Topic:             database activity advanced search can be very
                    dangerous (backport of MDL-17327)
Severity/Risk:     Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+,
                    1.9 to 1.9.18+
Reported by:       Séverin Terrier
Issue no.:         MDL-32126
CVE Identifier:    CVE-2012-3398
Changes (2.2): 
http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126
Description:
Inefficient queries on a database activity with a large number of
records could have caused long periods of high CPU load, crippling a
system.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ