Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Moodle 2.1.x < 2.1.9 / 2.2.x < 2.2.6 / 2.3.x < 2.3.3 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vector.

Description

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.1.x prior to 2.1.9, 2.2.x prior to 2.2.6, and 2.3.x prior to 2.3.3 are affected by multiple vulnerabilities :

- A flaw exists that is due to the program not properly terminating sessions when a user disconnects from Moodle. This may allow an attacker with physical access to the computer to more easily access a user's dropbox repository. (CVE-2012-5471) - A flaw exists that is triggered during the handling of a specially crafted value of a frozen form field. This may allow a remote authenticated attacker to bypass access restrictions. (CVE-2012-5472) - A flaw exists that is due to the Database Activity module not properly restricting access to activity entries. This may allow a remote authenticated attacker to gain access to arbitrary users' activity entries via an advanced search. (CVE-2012-5473) - A flaw exists that allows a remote user to execute arbitrary code. This flaw exists because the Portfolio plugin does not properly verify or sanitize user-uploaded files. By uploading a specially crafted API Callback file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script with the privileges of the web server. (CVE-2012-5479) - A flaw exists related to the Database activity module, which may allow a remote attacker to bypass intended access restrictions. With an advanced search the attacker may be able to read other participants' entries. (CVE-2012-5480) - A flaw exists that may lead to an unauthorized information disclosure. The issue may allow a remote authenticated attacker to bypass the 'moodle/role:manage' capability requirement, which will allow the attacker to read all capability data via the check permissions page. (CVE-2012-5481)

Solution

Upgrade to Moodle version 2.3.3 or later. If version 2.3.x cannot be obtained, versions 2.2.6 and 2.1.9 are also patched for these vulnerabilities.