======================================================================
CERT-Renater Information Note No. 2012/VULN280
______________________________________________________________________

DATE: 18/07/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Moodle versions 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+, 1.9 to 1.9.18+.
======================================================================

http://moodle.org/mod/forum/discuss.php?d=207145
http://moodle.org/mod/forum/discuss.php?d=207146
http://moodle.org/mod/forum/discuss.php?d=207147
http://moodle.org/mod/forum/discuss.php?d=207148
http://moodle.org/mod/forum/discuss.php?d=207149
http://moodle.org/mod/forum/discuss.php?d=207150
http://moodle.org/mod/forum/discuss.php?d=207151
http://moodle.org/mod/forum/discuss.php?d=207152
http://moodle.org/mod/forum/discuss.php?d=207153
http://moodle.org/mod/forum/discuss.php?d=207154
http://moodle.org/mod/forum/discuss.php?d=207155
http://moodle.org/mod/forum/discuss.php?d=207156
______________________________________________________________________

MSA-12-0039: File upload validation issue
by Michael de Raadt, Tuesday 17 July 2012, 08:11

Topic: file_save_draft_area_files() does not validate references are allowed
Severity/Risk: Minor
Versions affected: 2.3
Reported by: Petr Škoda
Issue no.: MDL-33948
CVE Identifier: CVE-2012-3387
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33948
Description: Where file shortcuts/aliases were not permitted, this was being validated at the client, but not on the server.
______________________________________________________________________

MSA-12-0040: Capabilities issue through caching
by Michael de Raadt, Tuesday 17 July 2012, 08:13

Topic: lib/accesslib.php is_enrolled doesn't check capabilities for cached users
Severity/Risk: Minor
Versions affected: 2.3, 2.2 to 2.2.3+
Reported by: Andrew Nicols
Issue no.: MDL-33916
CVE Identifier: CVE-2012-3388
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916
Description: Capability checks were not working properly after a user record had been cached.
______________________________________________________________________

MSA-12-0041: XSS issue in LTI module
by Michael de Raadt, Tuesday 17 July 2012, 08:14

Topic: XSS vulnerabilities in /mod/lti/typessettings.php (POST parameters: lti_typename, lti_toolurl)
Severity/Risk: Serious
Versions affected: 2.3, 2.2 to 2.2.3+
Reported by: Dan Poltawski
Issue no.: MDL-31692
CVE Identifier: CVE-2012-3389
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31692
Description: Parameters used by the LTI (External tool) module were not being sufficiently cleaned.
______________________________________________________________________

MSA-12-0042: File access issue in blocks
by Michael de Raadt, Tuesday 17 July 2012, 08:18

Topic: Missing permissions check in pluginfile for blocks
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Juan Leyva
Issue no.: MDL-32155
Workaround: Do not embed sensitive documents in HTML blocks
CVE Identifier: CVE-2012-3390
Changes (2.2): http://git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d
Description: Files embedded by a block (e.g., the HTML block) were accessible after the block had been hidden.
______________________________________________________________________

MSA-12-0043: Early information access issue in forum
by Michael de Raadt, Tuesday 17 July 2012, 08:18

Topic: Forum displays Q&A posts in RSS feeds before users have correct access
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Andrew Nicols
Issue no.: MDL-32199
Workaround: Do not provide RSS access to Q&A forums
CVE Identifier: CVE-2012-3391
Changes (2.2): http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32199
Description: Q&A forum posts should not be visible to students until they have contributed a post, however an RSS feed from such a forum was displaying all posts.
______________________________________________________________________

MSA-12-0044: Capability check issue in forum subscriptions
by Michael de Raadt, Tuesday 17 July 2012, 08:20

Topic: Add some capability checks etc to mod/forum/unsubscribeall.php
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Andrew Davis
Issue no.: MDL-31460
CVE Identifier: CVE-2012-3392
Changes (2.2): http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-31460
Description: The capability for students to unsubscribe from forums was not being checked properly.
______________________________________________________________________

MSA-12-0045: Injection potential in admin for repositories
by Michael de Raadt, Tuesday 17 July 2012, 08:22

Topic: HTML/JS Injection possible in repository names
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Daniel Compton
Issue no.: MDL-33808
CVE Identifier: CVE-2012-3393
Changes (2.2): http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-33808
Description: The administration setting that allowed renaming of repositories was not being filtered.
______________________________________________________________________

MSA-12-0046: Insecure protocol redirection in LDAP authentication
by Michael de Raadt, Tuesday 17 July 2012, 08:43

Topic: redirect() "forgets" https
Severity/Risk: Minor
Versions affected: 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Christophe
Issue no.: MDL-23254
CVE Identifier: CVE-2012-3394
Changes (2.2): http://git.moodle.org/gw?p=moodle.git;a=commit;h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7
Description: Users redirected during a login utilising LDAP were being redirected from https to http protocol.
______________________________________________________________________

MSA-12-0047: SQL injection potential in Feedback module
by Michael de Raadt, Tuesday 17 July 2012, 08:44

Topic: Feedback module abuses data_submitted
Severity/Risk: Serious
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Dan Marsden
Issue no.: MDL-27675
CVE Identifier: CVE-2012-3395
Changes (2.2): http://git.moodle.org/gw?p=moodle.git&a=search&h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7&st=commit&s=MDL-27675
Description: The Feedback module was accepting some form data without filtering.
______________________________________________________________________

MSA-12-0048: Possible XSS in cohort administration
by Michael de Raadt, Tuesday 17 July 2012, 08:44

Topic: Possible XSS vuln caused by MDL-31691 commit
Severity/Risk: Minor
Versions affected: 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Eugene
Issue no.: MDL-34045
CVE Identifier: CVE-2012-3396
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34045
Description: Fields used in the administration of cohorts were not being correctly filtered.
______________________________________________________________________

MSA-12-0049: Group restricted activity displayed to all users
by Michael de Raadt, Tuesday 17 July 2012, 08:44

Topic: Grouping restriction settings not applied correctly when Restrict Access set to greyed-out
Severity/Risk: Minor
Versions affected: 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Luke Tucker
Issue no.: MDL-33466
CVE Identifier: CVE-2012-3397
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33466
Description: "Restrict access" conditions were incorrectly overriding grouping settings when displaying activities.
______________________________________________________________________

MSA-12-0050: Potential DOS attack through database activity
by Michael de Raadt, Tuesday 17 July 2012, 08:44

Topic: database activity advanced search can be very dangerous (backport of MDL-17327)
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+, 1.9 to 1.9.18+
Reported by: Séverin Terrier
Issue no.: MDL-32126
CVE Identifier: CVE-2012-3398
Changes (2.2): http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126
Description: Inefficient queries on a database activity with a large number of records could have caused long periods of high CPU load, crippling a system.
======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER       | tel : 01-53-94-20-44             +
+ 23 - 25 Rue Daviel | fax : 01-53-94-20-41             +
+ 75013 Paris        | email: certsvp@renater.fr        +
=========================================================