Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 17 Sep 2012 12:09:15 +0800
From: Michael de Raadt <michaeld@...dle.com>
To: oss-security@...ts.openwall.com
Subject: Moodle security notifications public

The following security notifications have now been made public. Thanks 
to OSS members for their cooperation.

=======================================================================
MSA-12-0051: File upload size constraint issue

Topic:             /repository/repository_ajax.php allows you to supply
                    -1 for "maxbytes" and side step moodle file size
                    restrictions
Severity/Risk:     Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+
Reported by:       Andrew Davis
Issue no.:         MDL-30792
CVE Identifier:    CVE-2012-4400
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-30792
Description:
It was possible for a user to manipulate script parameters to upload a
file larger than set limits.

=======================================================================
MSA-12-0052: Course topics permission issue

Topic:             Permissions problems in topic course format
Severity/Risk:     Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+
Reported by:       Alexander Bias
Issue no.:         MDL-28207
CVE Identifier:    2012-4401
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28207
Description:
Users with course editing capabilities, but without permission to
show/hide topics and set the current topic were able to complete
these actions under certain conditions.

=======================================================================
MSA-12-0053: Blog file access issue

Topic:             'publishstate' === 'public'
Severity/Risk:     Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+, 2.1 to 2.1.7+
Reported by:       Kyle Decot
Issue no.:         MDL-34585
CVE Identifier:    CVE-2012-4407
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34585
Description:
Files embedded as part of a blog were being delivered without checking
the publication state properly.

=======================================================================
MSA-12-0054: Course reset permission issue

Topic:             Course reset not protected by proper capability
Severity/Risk:     Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+, 2.1 to 2.1.7+
Reported by:       Rex Lorenzo
Issue no.:         MDL-34519
CVE Identifier:    CVE-2012-4408
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34519
Description:
The course reset link was protected by a correct permission but the
reset page itself was being checked for a different permission.

=======================================================================
MSA-12-0055: Web service access token issue

Topic:             A web service token allows the user to run functions
                    from any external service, not just those linked to
                    the external service the token is for
Severity/Risk:     Serious
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+, 2.1 to 2.1.7+
Reported by:       Nathan Mares
Issue no.:         MDL-34368
CVE Identifier:    CVE-2012-4402
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34368
Description:
Users with permission to access multiple services were able to use a
token from one service to access another.

=======================================================================
MSA-12-0056: Information leak in drag-and-drop

Topic:             Information disclosure in yui_combo.php
Severity/Risk:     Minor
Versions affected: 2.3 to 2.3.1+
Reported by:       Mark Baseggio
Issue no.:         MDL-35168
CVE Identifier:    CVE-2012-4403
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35168
Description:
The drag-and-drop script was responding to bad requests with
information that included the full path to scripts on the server.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ