Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 17 Sep 2012 12:09:15 +0800
From: Michael de Raadt <michaeld@...dle.com>
To: oss-security@...ts.openwall.com
Subject: Moodle security notifications public

The following security notifications have now been made public. Thanks 
to OSS members for their cooperation.

=======================================================================
MSA-12-0051: File upload size constraint issue

Topic:             /repository/repository_ajax.php allows you to supply
                    -1 for "maxbytes" and side step moodle file size
                    restrictions
Severity/Risk:     Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+
Reported by:       Andrew Davis
Issue no.:         MDL-30792
CVE Identifier:    CVE-2012-4400
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-30792
Description:
It was possible for a user to manipulate script parameters to upload a
file larger than set limits.

=======================================================================
MSA-12-0052: Course topics permission issue

Topic:             Permissions problems in topic course format
Severity/Risk:     Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+
Reported by:       Alexander Bias
Issue no.:         MDL-28207
CVE Identifier:    2012-4401
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28207
Description:
Users with course editing capabilities, but without permission to
show/hide topics and set the current topic were able to complete
these actions under certain conditions.

=======================================================================
MSA-12-0053: Blog file access issue

Topic:             'publishstate' === 'public'
Severity/Risk:     Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+, 2.1 to 2.1.7+
Reported by:       Kyle Decot
Issue no.:         MDL-34585
CVE Identifier:    CVE-2012-4407
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34585
Description:
Files embedded as part of a blog were being delivered without checking
the publication state properly.

=======================================================================
MSA-12-0054: Course reset permission issue

Topic:             Course reset not protected by proper capability
Severity/Risk:     Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+, 2.1 to 2.1.7+
Reported by:       Rex Lorenzo
Issue no.:         MDL-34519
CVE Identifier:    CVE-2012-4408
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34519
Description:
The course reset link was protected by a correct permission but the
reset page itself was being checked for a different permission.

=======================================================================
MSA-12-0055: Web service access token issue

Topic:             A web service token allows the user to run functions
                    from any external service, not just those linked to
                    the external service the token is for
Severity/Risk:     Serious
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+, 2.1 to 2.1.7+
Reported by:       Nathan Mares
Issue no.:         MDL-34368
CVE Identifier:    CVE-2012-4402
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34368
Description:
Users with permission to access multiple services were able to use a
token from one service to access another.

=======================================================================
MSA-12-0056: Information leak in drag-and-drop

Topic:             Information disclosure in yui_combo.php
Severity/Risk:     Minor
Versions affected: 2.3 to 2.3.1+
Reported by:       Mark Baseggio
Issue no.:         MDL-35168
CVE Identifier:    CVE-2012-4403
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35168
Description:
The drag-and-drop script was responding to bad requests with
information that included the full path to scripts on the server.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.