Message-ID: <5056A26B.5020905@moodle.com>
Date: Mon, 17 Sep 2012 12:09:15 +0800
From: Michael de Raadt <michaeld@...dle.com>
To: oss-security@...ts.openwall.com
Subject: Moodle security notifications public

The following security notifications have now been made public. Thanks 
to OSS members for their cooperation.

=======================================================================
MSA-12-0051: File upload size constraint issue

Topic:             /repository/repository_ajax.php allows you to supply
                    -1 for "maxbytes" and sidestep Moodle file size
                    restrictions
Severity/Risk:     Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+
Reported by:       Andrew Davis
Issue no.:         MDL-30792
CVE Identifier:    CVE-2012-4400
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-30792
Description:
It was possible for a user to manipulate script parameters to upload a
file larger than set limits.
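
The pattern behind MSA-12-0051 is a size limit that the client was allowed to choose. The following is an added example, not Moodle's code, showing how a defender resolves the upload ceiling from server-side values only (the PHP ini limits, a site-wide limit and a course-level limit, all hypothetical names here) and accepts a client-supplied "maxbytes" only when it makes the limit smaller. The convention that 0 means "no extra limit" and that -1 is simply ignored is this example's own.

```php
<?php
// Added example, not Moodle's code: derive the upload limit on the server and
// treat a client-supplied "maxbytes" as untrusted input that can only narrow it.
declare(strict_types=1);

/** Convert a php.ini shorthand such as "8M" or "512K" to bytes. */
function ini_size_to_bytes(string $value): int
{
    $value = trim($value);
    if ($value === '') {
        return 0;
    }
    $number = (int) $value;                     // (int) "8M" === 8
    switch (strtolower(substr($value, -1))) {
        case 'g': return $number * 1024 ** 3;
        case 'm': return $number * 1024 ** 2;
        case 'k': return $number * 1024;
        default:  return $number;               // plain byte count
    }
}

/** Parse "maxbytes" from request parameters; anything non-integer is ignored. */
function client_maxbytes(array $params): ?int
{
    if (!isset($params['maxbytes'])) {
        return null;
    }
    $value = filter_var($params['maxbytes'], FILTER_VALIDATE_INT);
    return $value === false ? null : $value;
}

/**
 * Effective limit in bytes for one upload request.
 *
 * Only server-side values decide the ceiling: the PHP ini limits, the
 * site-wide limit and the course/activity limit (0 meaning "no extra limit"
 * in this example's convention). The client value is honoured only when it
 * is a positive number below that ceiling, so -1, 0 or a huge value can
 * never raise the limit.
 */
function effective_upload_limit(
    int $siteLimit,
    int $contextLimit,
    ?int $clientMaxBytes,
    ?string $iniUploadMax = null,
    ?string $iniPostMax = null
): int {
    $serverLimits = [
        ini_size_to_bytes($iniUploadMax ?? (string) ini_get('upload_max_filesize')),
        ini_size_to_bytes($iniPostMax ?? (string) ini_get('post_max_size')),
        $siteLimit,
        $contextLimit,
    ];
    $limit = PHP_INT_MAX;
    foreach ($serverLimits as $serverLimit) {
        if ($serverLimit > 0) {
            $limit = min($limit, $serverLimit);
        }
    }
    if ($clientMaxBytes !== null && $clientMaxBytes > 0 && $clientMaxBytes < $limit) {
        $limit = $clientMaxBytes;
    }
    return $limit;
}

/** True when the uploaded file fits under the effective limit. */
function upload_size_ok(int $fileSize, int $limit): bool
{
    return $fileSize > 0 && $fileSize <= $limit;
}

// Constructed request: site limit 2 MiB, course limit 1 MiB, client sends maxbytes=-1.
$limit = effective_upload_limit(
    2 * 1024 ** 2,
    1024 ** 2,
    client_maxbytes(['maxbytes' => '-1']),
    '8M',
    '8M'
);
printf("effective limit: %d bytes\n", $limit);
printf("3 MiB upload accepted: %s\n", upload_size_ok(3 * 1024 ** 2, $limit) ? 'yes' : 'no');
```

The size comparison itself should run against the size PHP reports for the received file, not against anything the form claims; the client parameter exists only to let a front end request a tighter limit for a particular field.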

=======================================================================
MSA-12-0052: Course topics permission issue

Topic:             Permissions problems in topic course format
Severity/Risk:     Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+
Reported by:       Alexander Bias
Issue no.:         MDL-28207
CVE Identifier:    CVE-2012-4401
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28207
Description:
Users with course editing capabilities, but without permission to
show/hide topics and set the current topic were able to complete
these actions under certain conditions.

=======================================================================
MSA-12-0053: Blog file access issue

Topic:             'publishstate' === 'public'
Severity/Risk:     Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+, 2.1 to 2.1.7+
Reported by:       Kyle Decot
Issue no.:         MDL-34585
CVE Identifier:    CVE-2012-4407
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34585
Description:
Files embedded as part of a blog were being delivered without checking
the publication state properly.

=======================================================================
MSA-12-0054: Course reset permission issue

Topic:             Course reset not protected by proper capability
Severity/Risk:     Minor
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+, 2.1 to 2.1.7+
Reported by:       Rex Lorenzo
Issue no.:         MDL-34519
CVE Identifier:    CVE-2012-4408
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34519
Description:
The course reset link was protected by a correct permission but the
reset page itself was being checked for a different permission.
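
MSA-12-0052 and MSA-12-0054 are the same class of defect: the code that decides whether to show a control and the code that performs the action consult different permissions, so a user who is denied the link can still request the page directly. The following is an added example, not Moodle's code, using hypothetical capability names in the "component/area:action" style; it routes both the link rendering and the action handler through one decision function so the two cannot drift apart.

```php
<?php
// Added example, not Moodle's code: the UI that shows a privileged link and the
// page that performs the action must consult the same capability check.
declare(strict_types=1);

// Hypothetical capability names, modelled on the "component/area:action" style.
const CAP_COURSE_UPDATE = 'example/course:update';
const CAP_COURSE_RESET  = 'example/course:reset';

/** Stand-in for a capability lookup: the user's granted capabilities. */
function has_capability(string $capability, array $grantedCapabilities): bool
{
    return in_array($capability, $grantedCapabilities, true);
}

/** The one place where "may this user reset this course?" is decided. */
function can_reset_course(array $grantedCapabilities): bool
{
    return has_capability(CAP_COURSE_RESET, $grantedCapabilities);
}

/** Presentation layer: hide the link unless the shared decision says yes. */
function render_reset_link(int $courseId, array $grantedCapabilities): string
{
    if (!can_reset_course($grantedCapabilities)) {
        return '';
    }
    return sprintf('<a href="reset.php?id=%d">Reset course</a>', $courseId);
}

/**
 * Action layer: enforce the same decision before doing any work. Returns an
 * HTTP-style [status, body] pair. Checking a different, weaker capability
 * here (for instance CAP_COURSE_UPDATE) is the mismatch the advisory describes.
 */
function handle_reset_request(int $courseId, array $grantedCapabilities): array
{
    if (!can_reset_course($grantedCapabilities)) {
        return [403, 'You do not have permission to reset this course.'];
    }
    // ... perform the reset ...
    return [200, sprintf('Course %d has been reset.', $courseId)];
}

// Constructed user: may edit the course but was never granted the reset capability.
$editor = [CAP_COURSE_UPDATE];
printf("link shown: %s\n", render_reset_link(42, $editor) === '' ? 'no' : 'yes');
[$status, $body] = handle_reset_request(42, $editor);   // direct request, no link involved
printf("direct request: %d %s\n", $status, $body);
```

A useful review habit that catches this class early: for every privileged page, grep for the capability string it checks and compare it with the string checked by every place that links to it.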

=======================================================================
MSA-12-0055: Web service access token issue

Topic:             A web service token allows the user to run functions
                    from any external service, not just those linked to
                    the external service the token is for
Severity/Risk:     Serious
Versions affected: 2.3 to 2.3.1+, 2.2 to 2.2.4+, 2.1 to 2.1.7+
Reported by:       Nathan Mares
Issue no.:         MDL-34368
CVE Identifier:    CVE-2012-4402
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34368
Description:
Users with permission to access multiple services were able to use a
token from one service to access another.
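
The scoping error in MSA-12-0055 is easy to reproduce in miniature. The following is an added example, not Moodle's code, with constructed service and token tables: the flawed check treats a valid token as proof of "some user" and then looks the function up across every service, while the hardened check resolves the token to the single service it was issued for and consults only that service's function list.

```php
<?php
// Added example, not Moodle's code: bind each web service call to the service
// the presented token was issued for, not to the union of all services.
declare(strict_types=1);

// Constructed data. Each service exposes a fixed function list; each token
// belongs to one user and exactly one service.
$services = [
    'grades_service' => ['get_grades', 'list_courses'],
    'admin_service'  => ['delete_user', 'list_courses'],
];
$tokens = [
    'tok-grades-7' => ['userid' => 7, 'service' => 'grades_service'],
    'tok-admin-1'  => ['userid' => 1, 'service' => 'admin_service'],
];

/**
 * Flawed check: the token only proves that a user exists, and the function is
 * then matched against every service. A grades-only token reaches delete_user
 * because admin_service happens to export it.
 */
function authorize_call_flawed(array $tokens, array $services, string $token, string $function): bool
{
    if (!isset($tokens[$token])) {
        return false;
    }
    foreach ($services as $functions) {
        if (in_array($function, $functions, true)) {
            return true;
        }
    }
    return false;
}

/**
 * Hardened check: resolve the token to its service first and consult only that
 * service's function list. Returns the user id on success, null on denial.
 */
function authorize_call(array $tokens, array $services, string $token, string $function): ?int
{
    $record = $tokens[$token] ?? null;
    if ($record === null) {
        return null;                                   // unknown or revoked token
    }
    $allowed = $services[$record['service']] ?? [];
    if (!in_array($function, $allowed, true)) {
        error_log(sprintf('ws: token for %s denied function %s (user %d)',
            $record['service'], $function, $record['userid']));
        return null;
    }
    return $record['userid'];
}

// Constructed calls: the grades token asks for an admin-only function.
printf("flawed:   %s\n",
    authorize_call_flawed($tokens, $services, 'tok-grades-7', 'delete_user') ? 'allowed' : 'denied');
printf("hardened: %s\n",
    authorize_call($tokens, $services, 'tok-grades-7', 'delete_user') === null ? 'denied' : 'allowed');
printf("hardened: %s\n",
    authorize_call($tokens, $services, 'tok-grades-7', 'get_grades') === null ? 'denied' : 'allowed');
```

The denial log line is deliberate: a token repeatedly requesting functions outside its service is a signal worth alerting on, and it is only observable if the scoped check is the one that runs.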

=======================================================================
MSA-12-0056: Information leak in drag-and-drop

Topic:             Information disclosure in yui_combo.php
Severity/Risk:     Minor
Versions affected: 2.3 to 2.3.1+
Reported by:       Mark Baseggio
Issue no.:         MDL-35168
CVE Identifier:    CVE-2012-4403
Changes (master):  http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35168
Description:
The drag-and-drop script was responding to bad requests with
information that included the full path to scripts on the server.
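
Script loaders that build file names from request input are a common source of the full-path disclosure described in MSA-12-0056: a malformed request produces a PHP warning or an exception message that carries the resolved path back to the client. The following is an added example, not Moodle's code, of a combo-loader style endpoint under a hypothetical install path; it validates the module name with a strict pattern, answers every failure with a fixed body, and keeps the offending input and resolved path in the server log only.

```php
<?php
// Added example, not Moodle's code: a combo-loader style endpoint that validates
// the requested module name and answers bad requests with a fixed body, keeping
// file system details in the server log only.
declare(strict_types=1);

ini_set('display_errors', '0');   // warnings and notices carry full paths; never show them to clients
ini_set('log_errors', '1');

const MODULE_ROOT = '/var/www/example/lib/yui';   // hypothetical install path

/**
 * Accept only relative paths such as "3.5.1/node/node-min.js": segments that
 * start with an alphanumeric character (so "." and ".." can never appear)
 * and a .js or .css extension.
 */
function valid_module_path(string $path): bool
{
    $segment = '[A-Za-z0-9_-][A-Za-z0-9_.-]*';
    $pattern = '#\A' . $segment . '(/' . $segment . ')*\.(js|css)\z#';
    return preg_match($pattern, $path) === 1;
}

/**
 * Returns [status, body]. Every failure path returns a fixed message; the
 * offending input and the resolved path go to error_log, not to the client.
 */
function serve_module(string $requested): array
{
    if (!valid_module_path($requested)) {
        error_log('combo: rejected module path ' . var_export($requested, true));
        return [400, 'Bad request'];
    }
    $file = MODULE_ROOT . '/' . $requested;
    if (!is_file($file)) {
        error_log("combo: module not found: $file");   // path stays server-side
        return [404, 'Not found'];
    }
    $contents = file_get_contents($file);
    if ($contents === false) {
        error_log("combo: unreadable module: $file");
        return [500, 'Internal error'];
    }
    return [200, $contents];
}

// Constructed requests: a malformed name, then a well-formed name that does not exist.
foreach (['3.5.1/node/node-min.js?x=1', '3.5.1/nosuch/nosuch-min.css'] as $request) {
    [$status, $body] = serve_module($request);
    printf("%-32s -> %d %s\n", $request, $status, $body);
}
```

The two ini_set calls matter as much as the validation: even a correct handler can leak a path through an unrelated warning if display_errors is left on in production, so a quick check of that setting belongs in any review of an information-disclosure report.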

