What's the CVSS score of your company?

Patch  oval:org.mitre.oval:def:13687
USN-791-1 -- moodle vulnerabilities  

Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. Nigel McNie discovered that fetching https URLs did not correctly escape shell meta-characters. An authenticated remote attacker could execute arbitrary commands as the web server user, if curl was installed and configured. It was discovered that Smarty, did not correctly filter certain inputs. An authenticated remote attacker could exploit this to execute arbitrary PHP commands as the web server user. It was discovered that the unused SpellChecker extension in Moodle did not correctly handle temporary files. If the tool had been locally modified, it could be made to overwrite arbitrary local files via symlinks. Mike Churchward discovered that Moodle did not correctly filter Wiki page titles in certain areas. An authenticated remote attacker could exploit this to cause cross-site scripting, which could be used to modify or steal confidential data of other users within the same web domain. It was discovered that the HTML sanitizer, "Login as" feature, and logging in Moodle did not correctly handle certain inputs. An authenticated remote attacker could exploit this to generate XSS, which could be used to modify or steal confidential data of other users within the same web domain. It was discovered that the HotPot module in Moodle did not correctly filter SQL inputs. An authenticated remote attacker could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. Kevin Madura discovered that the forum actions and messaging settings in Moodle were not protected from cross-site request forgery. If an authenticated user were tricked into visiting a malicious website while logged into Moodle, a remote attacker could change the user�s configurations or forum content. Daniel Cabezas discovered that Moodle would leak usernames from the Calendar Export tool. A remote attacker could gather a list of users, leading to a loss of privacy. Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. Johannes Kuhn discovered that Moodle did not correctly validate user permissions when attempting to switch user accounts. An authenticated remote attacker could switch to any other Moodle user, leading to a loss of privacy. Hanno Boeck discovered that unconfigured Moodle instances contained XSS vulnerabilities. An unauthenticated remote attacker could exploit this to modify or steal confidential data of other users within the same web domain. Debbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra Montesinos discovered that when users were deleted from Moodle, their profiles and avatars were still visible. An authenticated remote attacker could exploit this to store information in profiles even after they were removed, leading to spam traffic. Lars Vogdt discovered that Moodle did not correctly filter certain inputs. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. It was discovered that Moodle did not correctly filter inputs for group creation, mnet, essay question, HOST param, wiki param, and others. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. It was discovered that Moodle did not correctly filter SQL inputs when performing a restore. An attacker authenticated as a Moodle administrator could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service
Create Date: 2011-10-18 Last Update Date: 2014-07-07

Affected Platforms/Products

Affected Products (CPE + CVE references)
Platforms: unix (from OVAL definitions) Products: unix
  • Ubuntu 8.04
  • Ubuntu 8.10
  • moodle

References

Criteria

The patch should be installed
IF : Any one of the following are true
IF : All of the following are true Release section
Prerequisites (Extended Definitions)
Ubuntu 8.04 is installed oval:org.mitre.oval:def:13250
IF : moodle DPKG is earlier than 1.8.2-1ubuntu4.2
Linux : Debian DPKG Test :  moodle DPKG is earlier than 1.8.2-1ubuntu4.2 
At least one of the objects listed below must exist on the system (Existence check)
Linux : Debian DPKG Package moodle package information
moodle
RPM Version less than 0:1.8.2-1ubuntu4.2 (datatype=evr_string)
linux : dpkginfo_state 
IF : Installed architecture is all
Uname Test :  Installed architecture is all 
At least one of the objects listed below must exist on the system (Existence check)
Unix : uname Object The single uname object.
Output of "uname -a"
IF : All of the following are true Release section
Prerequisites (Extended Definitions)
Ubuntu 8.10 is installed oval:org.mitre.oval:def:13306
IF : moodle DPKG is earlier than 1.8.2-1.2ubuntu2.1
Linux : Debian DPKG Test :  moodle DPKG is earlier than 1.8.2-1.2ubuntu2.1 
At least one of the objects listed below must exist on the system (Existence check)
Linux : Debian DPKG Package moodle package information
moodle
RPM Version less than 0:1.8.2-1.2ubuntu2.1 (datatype=evr_string)
linux : dpkginfo_state 
IF : Installed architecture is all
Uname Test :  Installed architecture is all 
At least one of the objects listed below must exist on the system (Existence check)
Unix : uname Object The single uname object.
Output of "uname -a"

Quick Help

evr_string datatype
Represents epoch, version, and release number as a single version string
Other Help Topics
Data Types
What is an Object?
What is a State?
What is a Test?
Other Help Topics
Regular Expression Patterns
Some object or state definitions are defined as regular expression patterns, you should interpret the regexp pattern while evaluating them.

OVAL Definitions By Referenced Objects

How does it work?   User agreement and privacy statement   About & Contact
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is MITRE's OVAL web site.
Warning: This site and all data are provided as is. It is not guaranteed that all information is accurate and complete. Use any information provided on this site at your own risk. By using this site you accept that you know that these data are provided as is and not guaranteed to be accurate, correct or complete. All trademarks appearing on this site are the property of their respective owners in the US or other countries. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss. PLEASE SEE nvd.nist.gov and oval.mitre.org for more details about OVAL language and definitions.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor/web site owner/maintainer be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Use of OVAL and all related data is subject to terms of use defined by Mitre at http://oval.mitre.org/oval/about/termsofuse.html