SB2012071101 - Multiple vulnerabilities in Moodle




Published: July 11, 2012 Updated: January 16, 2023

Security Bulletin ID: SB2012071101
Severity: Medium
Patch available: YES
Number of vulnerabilities: 10
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium 60% Low 40%

Description

This security bulletin contains information about 10 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2011-4304)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation.


2) Cross-site scripting (CVE-ID: CVE-2011-4307)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability is caused by an input validation error in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 when processing the section parameter. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-4308)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors.


4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-4309)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL.


5) Cross-site request forgery (CVE-ID: CVE-2011-4298)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.


6) Cross-site scripting (CVE-ID: CVE-2011-4299)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

An input validation error exists in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2. A remote authenticated attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-4300)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.


8) Input validation error (CVE-ID: CVE-2011-4301)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.


9) Input validation error (CVE-ID: CVE-2011-4302)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate.
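
The return-value handling behind this class of bug, as an added example that is not Moodle's code and is not taken from the bulletin: PHP's openssl_verify() returns 1 for a valid signature, 0 for an invalid one, and -1 or false on error, so a check that only rejects 0 accepts the error case. The helper names and the loose check are assumptions for illustration; the bulletin does not say how Moodle handled the value.

```php
<?php
// Added example, not Moodle's code. Documented results of openssl_verify():
// 1 = signature valid, 0 = signature invalid, -1 or false = error.

// Loose interpretation (assumed bug pattern): the result is cast to bool,
// so only 0 and false are rejected and the error value -1 is accepted.
function accept_loose($rc): bool {
    return (bool) $rc;
}

// Strict interpretation: only the integer 1 is accepted.
function accept_strict($rc): bool {
    return $rc === 1;
}

// Constructed test material: a throwaway RSA key and a sample message.
$key = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
$pub = openssl_pkey_get_details($key)['key'];
$msg = 'constructed sample payload';
openssl_sign($msg, $sig, $key, OPENSSL_ALGO_SHA256);

$cases = [
    'valid signature'      => openssl_verify($msg, $sig, $pub, OPENSSL_ALGO_SHA256),
    'tampered message'     => openssl_verify($msg . 'x', $sig, $pub, OPENSSL_ALGO_SHA256),
    // Error results are hard to trigger portably, so the documented error
    // values are fed to the two checks directly.
    'error result (-1)'    => -1,
    'error result (false)' => false,
];

foreach ($cases as $label => $rc) {
    printf(
        "%-22s rc=%-6s loose=%-7s strict=%s\n",
        $label,
        var_export($rc, true),
        accept_loose($rc) ? 'accept' : 'reject',
        accept_strict($rc) ? 'accept' : 'reject'
    );
}
```

The two checks agree on every row except the -1 row, which is the case a code review of signature verification should look for.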


10) Cryptographic issues (CVE-ID: CVE-2011-4303)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature.


Remediation

Install the update from the vendor's website.