Security announcements

MSA-12-0050: Potential DOS attack through database activity

by Michael de Raadt
Topic: database activity advanced search can be very dangerous (backport of MDL-17327)
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+, 1.9 to 1.9.18+
Reported by: Séverin Terrier
Issue no.: MDL-32126

CVE Identifier: CVE-2012-3398
Changes (2.2): http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126

Description:

Inefficient queries on a database activity with a large number of records could have caused long periods of high CPU load, crippling a system.

MSA-12-0049: Group restricted activity displayed to all users

by Michael de Raadt
Topic: Grouping restriction settings not applied correctly when Restrict Access set to greyed-out
Severity/Risk: Minor
Versions affected: 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Luke Tucker
Issue no.: MDL-33466

CVE Identifier: CVE-2012-3397
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33466

Description:

"Restrict access" conditions were incorrectly overriding grouping settings when displaying activities.

MSA-12-0048: Possible XSS in cohort administration

by Michael de Raadt
Topic: Possible XSS vuln caused by MDL-31691 commit
Severity/Risk: Minor
Versions affected: 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Eugene
Issue no.: MDL-34045

CVE Identifier: CVE-2012-3396
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34045

Description:

Fields used in the administration of cohorts were not being correctly filtered.

MSA-12-0047: SQL injection potential in Feedback module

by Michael de Raadt
Topic: Feedback module abuses data_submitted
Severity/Risk: Serious
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Dan Marsden
Issue no.: MDL-27675

CVE Identifier: CVE-2012-3395
Changes (2.2): http://git.moodle.org/gw?p=moodle.git&a=search&h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7&st=commit&s=MDL-27675

Description:

The Feedback module was accepting some form data without filtering.

MSA-12-0046: Insecure protocol redirection in LDAP authentication

by Michael de Raadt
Topic: redirect() "forgets" https
Severity/Risk: Minor
Versions affected: 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Christophe
Issue no.: MDL-23254

CVE Identifier: CVE-2012-3394
Changes (2.2): http://git.moodle.org/gw?p=moodle.git;a=commit;h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7

Description:

Users redirected during a login utilising LDAP were being redirected from https to http protocol.

MSA-12-0045: Injection potential in admin for repositories

by Michael de Raadt
Topic: HTML/JS Injection possible in repository names
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Daniel Compton
Issue no.: MDL-33808

CVE Identifier: CVE-2012-3393
Changes (2.2): http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-33808

Description:

The administration setting that allowed renaming of repositories was not being filtered.

MSA-12-0044: Capability check issue in forum subscriptions

by Michael de Raadt
Topic: Add some capability checks etc to mod/forum/unsubscribeall.php
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Andrew Davis
Issue no.: MDL-31460

CVE Identifier: CVE-2012-3392
Changes (2.2): http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-31460

Description:

The capability for students to unsubscribe from forums was not being checked properly.

MSA-12-0043: Early information access issue in forum

by Michael de Raadt
Topic: Forum displays Q&A posts in RSS feeds before users have correct access
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Andrew Nicols
Issue no.: MDL-32199
Workaround: Do not provide RSS access to Q&A forums

CVE Identifier: CVE-2012-3391
Changes (2.2): http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32199

Description:

Q&A forum posts should not be visible to students until they have contributed a post; however, an RSS feed from such a forum was displaying all posts.

MSA-12-0042: File access issue in blocks

by Michael de Raadt
Topic: Missing permissions check in pluginfile for blocks
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Juan Leyva
Issue no.: MDL-32155
Workaround: Do not embed sensitive documents in HTML blocks

CVE Identifier: CVE-2012-3390
Changes (2.2): http://git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d

Description:

Files embedded by a block (e.g., the HTML block) were accessible after the block had been hidden.

MSA-12-0041: XSS issue in LTI module

by Michael de Raadt
Topic: XSS vulnerabilities in /mod/lti/typessettings.php (POST parameters: lti_typename, lti_toolurl)
Severity/Risk: Serious
Versions affected: 2.3, 2.2 to 2.2.3+
Reported by: Dan Poltawski
Issue no.: MDL-31692

CVE Identifier: CVE-2012-3389
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31692

Description:

Parameters used by the LTI (External tool) module were not being sufficiently cleaned.