SB2012052306 - Fedora EPEL 6 update for moodle

Security Bulletin ID SB2012052306

Severity

Medium

Patch available

YES

Number of vulnerabilities 15

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 15 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2012-2353)

The vulnerability allows a remote #AU# to gain access to sensitive information.

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-2354)

The vulnerability allows a remote #AU# to gain access to sensitive information.

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL.

3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-2355)

The vulnerability allows a remote #AU# to manipulate data.

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.

4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-2356)

The vulnerability allows a remote #AU# to manipulate data.

The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.

5) Information disclosure (CVE-ID: CVE-2012-2357)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network.

6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-2358)

The vulnerability allows a remote #AU# to manipulate or delete data.

Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist.

7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-2359)

The vulnerability allows a remote #AU# to read and manipulate data.

admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability.

8) Cross-site scripting (CVE-ID: CVE-2012-2360)

Vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability is caused by an input validation error in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

9) Cross-site scripting (CVE-ID: CVE-2012-2361)

Vulnerability allows a remote attacker to perform Cross-site scripting attacks.

An input validation error exists in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

10) Cross-site scripting (CVE-ID: CVE-2012-2362)

Vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability is caused by an input validation error in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used,. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

11) SQL injection (CVE-ID: CVE-2012-2363)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

12) Cross-site scripting (CVE-ID: CVE-2012-2364)

Vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability is caused by an input validation error in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

13) Cross-site scripting (CVE-ID: CVE-2012-2365)

Vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability is caused by an input validation error in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

14) Input validation error (CVE-ID: CVE-2012-2366)

The vulnerability allows a remote #AU# to manipulate or delete data.

mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.

15) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-2367)

The vulnerability allows a remote #AU# to manipulate data.

Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2012-5960

SB2012052306 - Fedora EPEL 6 update for moodle

Breakdown by Severity

Description

Remediation

References

Please verify you're human