SB2011120902 - Fedora EPEL 6 update for moodle

Description

This security bulletin contains information about 13 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2011-4581)

The vulnerability allows a remote #AU# to gain access to sensitive information.

mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface.

2) Input validation error (CVE-ID: CVE-2011-4582)

The vulnerability allows a remote #AU# to read and manipulate data.

Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL.

3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-4583)

The vulnerability allows a remote #AU# to read and manipulate data.

Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.

4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-4584)

The vulnerability allows a remote #AU# to manipulate data.

The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site.

5) Configuration (CVE-ID: CVE-2011-4585)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network.

6) Input validation error (CVE-ID: CVE-2011-4586)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

7) Credentials management (CVE-ID: CVE-2011-4587)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords.

8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-4588)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request.

9) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-4589)

The vulnerability allows a remote #AU# to manipulate or delete data.

backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action.

10) Improper Authentication (CVE-ID: CVE-2011-4590)

The vulnerability allows a remote #AU# to manipulate data.

The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server.

11) Cross-site scripting (CVE-ID: CVE-2011-4591)

Vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability is caused by an input validation error in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled,. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

12) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-4592)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality.

13) Information disclosure (CVE-ID: CVE-2011-4593)

The vulnerability allows a remote #AU# to gain access to sensitive information.

Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2011-5193