SB2012091901 - Multiple vulnerabilities in Moodle
Published: September 19, 2012 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-4400)
The vulnerability allows a remote #AU# to manipulate data.
repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-4401)
The vulnerability allows a remote #AU# to manipulate data.
Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended capability restrictions and perform certain topic changes by leveraging course-editing capabilities.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-4402)
The vulnerability allows a remote #AU# to read and manipulate data.
webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service.
4) Information disclosure (CVE-ID: CVE-2012-4403)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.
5) Information disclosure (CVE-ID: CVE-2012-4407)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-4408)
The vulnerability allows a remote #AU# to read and manipulate data.
course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.
Remediation
Install update from vendor's website.
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-30792
- http://moodle.org/mod/forum/discuss.php?d=211555
- http://openwall.com/lists/oss-security/2012/09/17/1
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28207
- http://moodle.org/mod/forum/discuss.php?d=211556
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34368
- http://moodle.org/mod/forum/discuss.php?d=211559
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35168
- http://moodle.org/mod/forum/discuss.php?d=211560
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34585
- http://moodle.org/mod/forum/discuss.php?d=211557
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34519
- http://moodle.org/mod/forum/discuss.php?d=211558