Sunday, February 3, 2013

VULNERABILITIES / FIXES - January 21, 2013

Moodle Multiple Vulnerabilities

Release Date : 2013-01-21

Criticality level : Moderately critical
Impact : Unknown, Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information
Where: From remote
Solution Status : Vendor Patch

Software: Moodle 1.9.x, Moodle 2.1.x, Moodle 2.2.x, Moodle 2.3.x, Moodle 2.4.x

Description:
Multiple weaknesses, two security issues, and multiple vulnerabilities have been reported in Moodle. One has an unknown impact; the others can be exploited by malicious users to bypass certain security restrictions, and by malicious people to conduct spoofing and cross-site request forgery attacks and to disclose potentially sensitive information.

1) An unspecified error exists in the spellchecker plugin for TinyMCE. No further information is currently available.

This vulnerability is reported in versions 2.4, 2.3 through 2.3.3+, 2.2 through 2.2.6+, and 2.1 through 2.1.9+.

2) The application does not properly verify capabilities when editing outcomes, which can be exploited to set outcomes to be a site-wide standard.

Successful exploitation of this security issue requires teacher permission.

This security issue is reported in versions 2.4, 2.3 through 2.3.3+, 2.2 through 2.2.6+, 2.1 through 2.1.9+, and 1.9 through 1.9.19.

3) Input passed via the "returnurl" parameter to multiple scripts is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website, e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

List of affected scripts:
http://[host]/backup/backupfilesedit.php
http://[host]/comment/comment_post.php
http://[host]/course/switchrole.php
http://[host]/mod/wiki/filesedit.php
http://[host]/tag/coursetags_add.php
http://[host]/user/files.php

This weakness is reported in versions 2.4, 2.3 through 2.3.3+, and 2.2 to 2.2.6+.
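
For defenders triaging weakness 3, the following added example (not part of the original advisory or of Moodle's code) scans web access log lines for requests to the listed scripts whose "returnurl" value points off-site. The log lines, the host name moodle.example and the function names are constructed for illustration; a "returnurl" sent in a POST body does not appear in access logs and is not covered.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Script paths the advisory lists as redirecting on an unverified "returnurl".
AFFECTED = (
    "/backup/backupfilesedit.php", "/comment/comment_post.php",
    "/course/switchrole.php", "/mod/wiki/filesedit.php",
    "/tag/coursetags_add.php", "/user/files.php",
)
# Request target of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def is_offsite(target, site_host):
    """True if a returnurl value would send the browser to another host."""
    try:
        # Browsers treat "\" like "/", so normalise before parsing.
        parts = urlsplit(target.strip().replace("\\", "/"))
    except ValueError:
        return True  # unparseable value: flag for manual review
    if parts.scheme and parts.scheme not in ("http", "https"):
        return True  # non-web scheme is never a legitimate return target
    return bool(parts.netloc) and parts.hostname != site_host.lower()

def suspicious_requests(log_lines, site_host):
    """Return (path, returnurl) pairs for off-site returnurl values."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # endswith() also covers Moodle installed under a subdirectory.
        if not url.path.endswith(AFFECTED):
            continue
        for value in parse_qs(url.query).get("returnurl", []):
            if is_offsite(value, site_host):
                hits.append((url.path, value))
    return hits

# Constructed sample log lines (not from a real server).
SAMPLE = [
    '203.0.113.7 - - [21/Jan/2013:10:00:01 +0000] "GET /course/switchrole.php?id=2&returnurl=%2Fcourse%2Fview.php%3Fid%3D2 HTTP/1.1" 303 -',
    '203.0.113.9 - - [21/Jan/2013:10:00:05 +0000] "GET /user/files.php?returnurl=http%3A%2F%2Fother.example%2Flogin HTTP/1.1" 200 5120',
    '203.0.113.9 - - [21/Jan/2013:10:00:09 +0000] "GET /moodle/tag/coursetags_add.php?returnurl=%2F%2Fother.example%2F HTTP/1.1" 303 -',
    '203.0.113.4 - - [21/Jan/2013:10:00:12 +0000] "GET /mod/forum/view.php?returnurl=http%3A%2F%2Fother.example%2F HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for path, value in suspicious_requests(SAMPLE, "moodle.example"):
        print(path, "->", value)
```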

4) The application does not properly restrict access to the feedback comment viewing functionality, which can be exploited to view otherwise restricted feedback comments provided on other students' submissions.

Successful exploitation of this vulnerability requires student permission.

This vulnerability is reported in versions 2.4 and 2.3 through 2.3.3+.

5) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited, e.g., to send course messages when a logged-in user visits a specially crafted web page.

6) The application does not properly restrict access to certain blog posts, which can be exploited to disclose contents of otherwise restricted blog posts via related RSS feeds.

Vulnerabilities #5 and #6 are reported in versions 2.4, 2.3 through 2.3.3+, and 2.2 to 2.2.6+.

7) The application does not properly verify capabilities when handling calendars, which can be exploited to delete a teacher-created course-level calendar subscription.

Successful exploitation of this security issue requires student permission.

This security issue is reported in version 2.4.

Solution:
Update to version 2.4.1, 2.3.4, 2.2.7, 2.1.10, or 1.9.19+ weekly build (2012-12-20) or later.

Provided and/or discovered by:
The vendor credits:
1) Petr Skoda
2) Elena Ivanova
3) Simon Coggins
4) Dan Poltawski
5) Andrew Nicols
6) Charles Fulton
7) David O'Brien

Original Advisory:
Moodle (MSA-13-0001, MSA-13-0002, MSA-13-0005, MSA-13-0006, MSA-13-0007, MSA-13-0008, MSA-13-0010):
https://moodle.org/mod/forum/discuss.php?d=219612
https://moodle.org/mod/forum/discuss.php?d=220157
https://moodle.org/mod/forum/discuss.php?d=220158
https://moodle.org/mod/forum/discuss.php?d=220162
https://moodle.org/mod/forum/discuss.php?d=220163
https://moodle.org/mod/forum/discuss.php?d=220164
https://moodle.org/mod/forum/discuss.php?d=220165
https://moodle.org/mod/forum/discuss.php?d=220167

http://secunia.com/advisories/51842/
