| Topic: | User account disclosure in LAMS module |
| Severity/Risk: | Major |
| Versions affected: | <1.8.11 and <1.9.7 |
| Reported by: | internal code review |
| Issue no.: | MDL-20924 |
| Solution: | upgrade to 1.8.11 or 1.9.7 |
| Workaround: | uninstall module and delete mod/lams directory |
Description:
LAMS module code discloses username, firstname and lastname database fields from user table. This information could be used in other types of attacks.
| Topic: | Multiple CSRF problems fixed |
| Severity/Risk: | Major |
| Versions affected: | <1.8.11 and <1.9.7 |
| Reported by: | internal code review |
| Issue no.: | MDL-20705, MDL-20707, MDL-20706, MDL-20925, MDL-20929, MDL-20930, MDL-20931, MDL-20901 |
| Solution: | upgrade to 1.8.11 or 1.9.7 |
| Workaround: | none |
Description:
We have discovered and fixed multiple cross site request forgery (CSRF) problems during internal code review.
| Topic: | Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability |
| Severity/Risk: | Critical (only servers using Oracle and MS SQL databases) |
| Versions affected: | <1.9.6 |
| Reported by: | Sam Moffatt |
| Issue no.: | MDL-19452 |
| Solution: | upgrade to latest weekly build or 1.9.6 |
| Workaround: | none |
Description:
Sam Moffatt discovered a potential problem in the way ADODB library is quoting special characters when the database engine is using Sybase style quoting.
| Topic: | Teachers can view students' grades in all courses in the overview report |
| Severity/Risk: | Minor |
| Versions affected: | <1.9.6 |
| Reported by: | Ratana Lim |
| Issue no.: | MDL-20355 |
| Solution: | upgrade to latest weekly build or 1.9.6 |
| Workaround: | remove the overview report link - see http://docs.moodle.org/en/Simplifying_the_gradebook |
Description:
Teachers could view students' grades in all courses, including courses for which they do not have teacher rights, in the overview report.
| Topic: | SQL injection in update_record |
| Severity/Risk: | Critical |
| Versions affected: | <1.9.6, <1.8.10, 1.7.x |
| Reported by: | Georg-Christian Pranschke |
| Issue no.: | MDL-20309 |
| Solution: | upgrade to latest weekly builds, 1.9.6 or 1.8.10 |
| Workaround: | apply patches: |
Description:
Georg-Christian Pranschke discovered a serious problem in update_record function. This problem may allow any registered user to exploit several different scripts.
| Topic: | Incorrect escaping when updating first post in a single simple discussion forum type |
| Severity/Risk: | Minor |
| Versions affected: | <1.9.6, <1.8.10 |
| Reported by: | Nicola Vitacolonna |
| Issue no.: | MDL-20555 |
| Solution: | upgrade to latest weekly build or 1.9.6 |
| Workaround: | none |
Description:
Nicola Vitacolonna discovered forum introduction is incorrectly escaped when editing the first post of a single simple discussion forum. This can potentially lead to SQL injection attacks by teachers. Students can not exploit this problem.
| Topic: | Upgrade code 1.9 does not escape tags properly |
| Severity/Risk: | Minor |
| Versions affected: | <1.9.6 |
| Reported by: | Matt Oquist |
| Issue no.: | MDL-19709 |
| Solution: | do not use 1.9.0-1.9.5 when upgrading from any previous version |
Description:
The upgrade code does not properly escape tags properly when upgrading from any version before 1.9.0.
| Topic: | Email not properly escaped on user edit page |
| Severity/Risk: | Minor |
| Versions affected: | <1.9.6 |
| Reported by: | Alan Trick |
| Issue no.: | MDL-20295 |
| Solution: | upgrade to latest weekly build or 1.9.6 |
| Workaround: | disable email change confirmation (not recommended) |
Description:
Alan Trick discovered that the email change confirmation code does not escape the email addresses properly. This problem is marked as minor because the email address is validated and can not contain an arbitrary text.
| Topic: | Customised PhpMyAdmin upgraded to 2.11.9.6 |
| Severity: | Major |
| Versions affected: | all |
| Reported by: | upstream - PMASA-2009-6; CVE-2009-3696 and CVE-2009-3697 |
| Issue no.: | MDL-20553 |
| Solution: | Install latest package from http://moodle.org/mod/data/view.php?d=13&rid=448 or cvs |
| Workaround: | delete admin/mysql/* |
Description:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2009-6
| Topic: | mimeTeX vulnerabilities |
| Severity/Risk: | Major |
| Versions affected: | all |
| Reported by: | upstream - http://www.ocert.org/advisories/ocert-2009-010.html |
| Issue no.: | MDL-19832, CVE-2009-1382 |
| Solution: | upgrade to latest weekly built, stable CVS, nightly build or copy new mimetex.* executables into any older release |
| Workaround: | disable tex and algebra filters |
Description:
John Forkosh fixed several serious vulnerabilities in mimeTeX binary which is used in Moodle by TeX and Algebra filter. This was rated as "critical" upstream, however the risk is slightly less on Moodle because this filter can be disabled (and is disabled by default). In addition, the vulnerability is only exposed to valid users who have logged in to Moodle.
