[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Moodle security notifications public
From: Michael de Raadt <michaeld () moodle ! com>
Date: 2012-09-17 4:09:15
Message-ID: 5056A26B.5020905 () moodle ! com
[Download RAW message or body]
The following security notifications have now been made public. Thanks
to OSS members for their cooperation.
=======================================================================
MSA-12-0051: File upload size constraint issue
Topic: /repository/repository_ajax.php allows you to supply
-1 for "maxbytes" and side step moodle file size
restrictions
Severity/Risk: Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+
Reported by: Andrew Davis
Issue no.: MDL-30792
CVE Identifier: CVE-2012-4400
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-30792
Description:
It was possible for a user to manipulate script parameters to upload a
file larger than set limits.
=======================================================================
MSA-12-0052: Course topics permission issue
Topic: Permissions problems in topic course format
Severity/Risk: Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+
Reported by: Alexander Bias
Issue no.: MDL-28207
CVE Identifier: 2012-4401
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28207
Description:
Users with course editing capabilities, but without permission to
show/hide topics and set the current topic were able to complete
these actions under certain conditions.
=======================================================================
MSA-12-0053: Blog file access issue
Topic: 'publishstate' === 'public'
Severity/Risk: Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+, 2.1 to 2.1.7+
Reported by: Kyle Decot
Issue no.: MDL-34585
CVE Identifier: CVE-2012-4407
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34585
Description:
Files embedded as part of a blog were being delivered without checking
the publication state properly.
=======================================================================
MSA-12-0054: Course reset permission issue
Topic: Course reset not protected by proper capability
Severity/Risk: Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+, 2.1 to 2.1.7+
Reported by: Rex Lorenzo
Issue no.: MDL-34519
CVE Identifier: CVE-2012-4408
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34519
Description:
The course reset link was protected by a correct permission but the
reset page itself was being checked for a different permission.
=======================================================================
MSA-12-0055: Web service access token issue
Topic: A web service token allows the user to run functions
from any external service, not just those linked to
the external service the token is for
Severity/Risk: Serious
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+, 2.1 to 2.1.7+
Reported by: Nathan Mares
Issue no.: MDL-34368
CVE Identifier: CVE-2012-4402
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34368
Description:
Users with permission to access multiple services were able to use a
token from one service to access another.
=======================================================================
MSA-12-0056: Information leak in drag-and-drop
Topic: Information disclosure in yui_combo.php
Severity/Risk: Minor
Versions affected: 2.3 to 2.3.1+
Reported by: Mark Baseggio
Issue no.: MDL-35168
CVE Identifier: CVE-2012-4403
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35168
Description:
The drag-and-drop script was responding to bad requests with
information that included the full path to scripts on the server.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic