SB2013072911 - Multiple vulnerabilities in Moodle



Published: July 29, 2013 Updated: January 16, 2023

Security Bulletin ID: SB2013072911
Severity: Medium
Patch available: YES
Number of vulnerabilities: 6
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium: 17%, Low: 83%

Description

This security bulletin contains information about 6 security vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-2242)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server.


2) Information disclosure (CVE-ID: CVE-2013-2243)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document.


3) Cross-site scripting (CVE-ID: CVE-2013-2244)

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

An input validation error exists in lib/conditionlib.php in Moodle 2.4.x before 2.4.5 and 2.5.x before 2.5.1 when processing the conditional access rule value of a user field. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


4) Improper Authentication (CVE-ID: CVE-2013-2245)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed.


5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-2246)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time.


6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-4938)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values.


Remediation

Install the update from the vendor's website.
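
The affected ranges differ between the six entries above (CVE-2013-2243 is listed "through 2.2.11", CVE-2013-2244 only for 2.4.x and 2.5.x), so one version check per installation is not enough. The Python below is an added triage example, not part of the bulletin or of Moodle; the function names and rule format are assumptions, and the ranges are transcribed from the descriptions above.

```python
import re

# Affected ranges transcribed from the six descriptions in this bulletin.
# ("through", X): every release up to and including X is affected.
# ("before", X):  releases on X's major.minor branch older than X are affected.
COMMON = [("through", "2.1.10"), ("before", "2.2.11"), ("before", "2.3.8"),
          ("before", "2.4.5"), ("before", "2.5.1")]
RULES = {
    "CVE-2013-2242": COMMON,
    "CVE-2013-2243": [("through", "2.2.11"), ("before", "2.3.8"),
                      ("before", "2.4.5"), ("before", "2.5.1")],
    "CVE-2013-2244": [("before", "2.4.5"), ("before", "2.5.1")],
    "CVE-2013-2245": COMMON,
    "CVE-2013-2246": COMMON,
    "CVE-2013-4938": COMMON,
}


def parse(version):
    """Turn '2.4.5', '2.5' or '2.5.1+ (Build: ...)' into a comparable tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised Moodle version: {version!r}")
    return tuple(int(part or 0) for part in m.groups())


def matches(installed, kind, bound):
    """Apply one range rule to an already parsed version tuple."""
    limit = parse(bound)
    if kind == "through":
        return installed <= limit
    # "before": same major.minor branch and strictly older than the fix.
    return installed[:2] == limit[:2] and installed < limit


def affected_cves(version):
    """Return the CVE IDs from this bulletin that apply to `version`."""
    installed = parse(version)
    return sorted(cve for cve, rules in RULES.items()
                  if any(matches(installed, k, b) for k, b in rules))


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real deployment.
    for v in ("1.9.19", "2.2.11", "2.3.7", "2.4.4", "2.5.1"):
        print(v, affected_cves(v) or "not affected")
```

As the ranges are worded in this bulletin, 2.2.11 clears five of the entries but still matches CVE-2013-2243.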