Main Vulnerability Database Vulnerabilities #VU43825

Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4588

Published: July 20, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43825

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-4588

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request.

How to mitigate CVE-2011-4588

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git;a=commit;h=3ab2851d2a59721445945d0706c58092e07e861e
http://moodle.org/mod/forum/discuss.php?d=191756
http://www.debian.org/security/2012/dsa-2421
https://bugzilla.redhat.com/show_bug.cgi?id=761248

Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4588

Detailed vulnerability description

How to mitigate CVE-2011-4588

Sources

Please verify you're human