oss-sec mailing list archives

Re: Fwd: DSA 2338-1 moodle security update


From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 13 Nov 2011 18:19:21 -0700

Ok, so for the sake of completeness, the following is all Moodle Security
Advisories from 2011 so far. One has a CVE assigned (rather, Moodle
repackages phpMyAdmin, which has a CVE assigned), several are security
hardening fixes (so no CVE) and several require admin access (so they
don't cross a security boundary, so no CVE). Notes are included.

I also found CVE-2011-3757. I'm unable to confirm this issue (I just get
a 500 internal server error), but
http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=2c28fa7643b168006883a81a2421012d357a22d6
would indicate it's been fixed.

P.S. Could someone from Moodle maybe request CVEs when they assign a
security advisory (just forwarding a copy of the MSA to the OSS list would
do the trick)? Barring that, if a community member could take it upon
themselves, that would be nice (then CVEs can be assigned promptly).

=====================

MSA-11-0001: ALREADY ASSIGNED CVE-2011-0987 Customised phpMyAdmin
upgraded to 2.11.11.3 and 3.3.9.2

MSA-11-0002: CVE-2011-4133 Cross-site request forgery vulnerability in
RSS block

MSA-11-0003: CVE-2011-4278 Cross-site scripting vulnerability in tag
autocomplete

MSA-11-0004: CVE-2011-4279 $CFG->forceloginforprofiles setting ignored
in course profiles

MSA-11-0005: CVE-2011-4280 Cross-site scripting vulnerability in
spikephpcoverage

MSA-11-0006: CVE-2011-4281 Cross-site request forgery and missing access
control in course completion

MSA-11-0007: CVE-2011-4282 Cross-site scripting vulnerability in course tags

MSA-11-0008: CVE-2011-4283 IMS enterprise enrolment file may disclose
sensitive information

MSA-11-0009: CVE-2011-4284 My profile block may disclose private
information if used in user context

MSA-11-0010: CVE-2011-4285 Incorrect default for mod:course/delete
capability in teacher role

MSA-11-0011: CVE-2011-4286 Multiple cross-site scripting problems in
media filter

MSA-11-0012: CVE-2011-4287 Authentication issue

MSA-11-0013: CVE-2011-4288 Group/Quiz permissions issue

MSA-11-0014: CVE-2011-4289 Personal details displayed without permission

MSA-11-0015: CVE-2011-4290 Cross Site Scripting through URL encoding

MSA-11-0016: CVE-2011-4291 Ability to fill a database with invalid
records through ratings

MSA-11-0017: CVE-2011-4292 Ability to generate invalid records in the
comments table in the database

MSA-11-0018: NO CVE Lacking capability controls over cohorts (hardening)

MSA-11-0019: CVE-2011-4293 Themes writing to files outside Moodle data
directory

MSA-11-0020: CVE-2011-4294 Continue links in error messages can lead offsite

MSA-11-0021: CVE-2011-4295 Role assignment web service function not
following restrictions

MSA-11-0022: CVE-2011-4296 Course creators could change filters at
course level

MSA-11-0023: CVE-2011-4297 Guests can add comments to front page activities

MSA-11-0024: NO CVE Recaptcha images were being authenticated from an
older server (hardening)

MSA-11-0025: NO CVE Group names in user upload CSV not being escaped
(need to be admin)

MSA-11-0026: NO CVE Fields in user upload CSV not being escaped (need to
be admin)

MSA-11-0027: CVE-2011-4298 Wiki pages reference forgery issue

MSA-11-0028: CVE-2011-4299 Wiki comments cross site scripting issue

MSA-11-0029: CVE-2011-4300 File visibility issue

MSA-11-0030: NO CVE Box.net repository integration authentication issue
(hardening)

MSA-11-0031: CVE-2011-4301 Forms API constant issue

MSA-11-0032: CVE-2011-4302 MNET SSL validation issue

MSA-11-0033: CVE-2011-4303 Site-hub registration identity issue

MSA-11-0034: CVE-2011-4304 Chat module information leak

MSA-11-0035: NO CVE Cookie-less session vulnerability (hardening)

MSA-11-0036: CVE-2011-4305 Messaging refresh vulnerability

MSA-11-0037: CVE-2011-4306 Course section editing injection vulnerability

MSA-11-0038: NO CVE Database injection protection strengthened (hardening)

MSA-11-0039: CVE-2011-4307 Wiki section vulnerability

MSA-11-0040: CVE-2011-4308 Potential personal information leak

MSA-11-0041: CVE-2011-4309 Global search authentication issue

--

Kurt Seifried / Red Hat Security Response Team

