Security announcements

MSA-10-0012: KSES Security Filter Bypassing vulnerability

by Helen Foster -
Topic: KSES Security Filter Bypassing vulnerability
Severity/Risk: Critical
Versions affected: <1.8.13 and <1.9.9
Reported by: Sascha Herzog
Issue no.: MDL-22042
Solution: upgrade to 1.8.13 or 1.9.9
Workaround: apply patch
http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.812.2.114&r2=1.812.2.115
http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.970.2.171&r2=1.970.2.172


Description:
Sascha Herzog reported a critical vulnerability in the KSES text cleaning filter that may allow registered users to launch persistent cross-site scripting (XSS) attacks.

MSA-10-0011: Cross Site Scripting vulnerability in blog/index.php

by Helen Foster -
Topic: Cross Site Scripting vulnerability in blog/index.php
Severity/Risk: Critical
Versions affected: <1.8.13 and <1.9.9
Reported by: Emmanuel Bouillon
Issue no.: MDL-22631
Solution: upgrade to 1.8.13 or 1.9.9
Workaround: apply patch or disable blogs
http://cvs.moodle.org/moodle/blog/lib.php?r1=1.80.2.20&r2=1.80.2.21
http://cvs.moodle.org/moodle/blog/lib.php?r1=1.62.2.9&r2=1.62.2.10


Description:
Some parameters were not being properly cleaned on the blog index page, allowing non-persistent cross-site scripting (XSS) attacks.

MSA-10-0010: Persistent Cross Site Scripting vulnerability in the MNET access control interface

by Helen Foster -
Topic: Persistent Cross Site Scripting vulnerability in the MNET access control interface
Severity/Risk: Minor
Versions affected: <1.8.13 and <1.9.9
Reported by: Sascha Herzog
Issue no.: MDL-22040
Solution: upgrade to 1.8.13 or 1.9.9
Workaround: disable MNET or uncheck Allow extended characters in usernames


Description:
Sascha Herzog reported a cross-site scripting vulnerability in the MNET access control interface when the server allows extended characters in usernames.

MSA-10-0009: Session fixation prevention now turned on by default

by Petr Skoda -
Topic: Session fixation prevention now turned on by default
Severity/Risk: Major
Versions affected: 1.8.x and <1.9.8
Reported by: Sascha Herzog
Issue no.: MDL-21788
Solution: upgrade to 1.9.8 and confirm the enabling of session id regeneration


Description:
Enabling the "Regenerate session id during login" setting is now strongly recommended for all production servers. It is now compatible with all official authentication plugins, including mnet.

MSA-10-0008: Persistent XSS when using Login-as feature

by Petr Skoda -
Topic: Persistent XSS when using Login-as feature
Severity/Risk: Major
Versions affected: <1.8.12 and <1.9.8
Reported by: Sascha Herzog
Issue no.: MDL-21769
Solution: upgrade to 1.8.12 or 1.9.8
Workaround: see Version control tab in tracker issue


Description:
Users may trick admins into using the "Login as" feature to edit some existing posts which contain XSS exploit code.

MSA-10-0007: Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine

by Petr Skoda -
Topic: Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine
Severity/Risk: Major (if global search enabled)
Versions affected: <1.8.12 and <1.9.8
Reported by: Sascha Herzog
Issue no.: MDL-21649
Solution: upgrade to 1.8.12 or 1.9.8
Workaround: apply patch http://cvs.moodle.org/moodle/search/query.php?r1=1.16.2.10&r2=1.16.2.11


Description:
Sascha Herzog found a problem in the handling of user submitted data in global search forms. This problem is exploitable only when global search is enabled. Please note that the global search feature is still listed as experimental and is disabled by default.

MSA-10-0006: SQL injection in Wiki module

by Petr Skoda -
Topic: SQL injection in Wiki module
Severity/Risk: Critical
Versions affected: <1.8.12 and <1.9.8
Reported by: Matthew Slowe
Issue no.: MDL-21818
Solution: upgrade to 1.8.12 or 1.9.8
Workaround: apply patch http://cvs.moodle.org/moodle/mod/wiki/view.php?r1=1.76.2.6&r2=1.76.2.7 or remove mod/wiki/* if wiki module not used


Description:
Matthew Slowe discovered that the data passed to the add_to_log() function in the wiki module is not sanitised properly; this could allow SQL injection attacks if there are any instances of the wiki module in your courses.

MSA-10-0005: Incorrect validation of forms data

by Petr Skoda -
Topic: Incorrect validation of forms data
Severity/Risk: Critical
Versions affected: <1.8.12 and <1.9.8
Reported by: Sascha Herzog
Issue no.: MDL-21767
Solution: upgrade to 1.8.12 or 1.9.8
Workaround: apply patch http://cvs.moodle.org/moodle/lib/form/selectgroups.php?r1=1.2.4.2&r2=1.2.4.3 or http://cvs.moodle.org/moodle/lib/form/select.php?r1=1.10.4.2&r2=1.10.4.3


Description:
Sascha Herzog discovered an SQL injection vulnerability in several forms, caused by incorrect data validation in some form elements.

MSA-10-0004: Improved access control in course restore

by Petr Skoda -
Topic: Improved access control in course restore
Severity/Risk: Minor
Versions affected: 1.8.x and <1.9.8
Reported by: multiple reports
Issue no.: MDL-16658, MDL-19233
Solution: upgrade to 1.9.8
Workaround: none


Description:
Restoring courses sometimes resulted in the creation of new roles; that code should now be more reliable. Please note that all users who are allowed to restore backup files must be trustworthy.

MSA-10-0003: Disclosure of full user names

by Petr Skoda -
Topic: Disclosure of full user names
Severity/Risk: Minor - privacy
Versions affected: <1.8.12 and <1.9.8
Reported by: Klaus Kirchner
Issue no.: MDL-21830
Solution: upgrade to 1.8.12 or 1.9.8
Workaround: apply patch http://cvs.moodle.org/moodle/user/view.php?r1=1.168.2.28&r2=1.168.2.29


Description:
Klaus Kirchner identified a problem in the course profile page which allowed ordinary users to find out the names of other users - see http://moodle.org/mod/forum/discuss.php?d=145967 for more details.