Moodle 2.3.x < 2.3.9 / 2.4.x < 2.4.6 / 2.5.x < 2.5.2 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9418

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6 or 2.5.x prior to 2.5.2 are exposed to the following vulnerabilities :

- One of Moodle's dependencies, the PHP cURL Library (libcurl), contains a flaw related to domain name validation during certificate validation. The issue is due to the server hostname not being verified to match a domain name in the Subject's Common Name (CN) or SubjectAltName field of the X.509 certificate. This may allow a man-in-the-middle attacker to spoof SSL servers via an arbitrary certificate that appears valid. Such an attack would allow for the interception of sensitive traffic, and potentially allow for the injection of content into the SSL stream. (CVE-2012-6087)
- A flaw exists that may allow an attacker to carry out an SQL injection attack. The issue is triggered when handling NULL bytes from a query string. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (CVE-2013-4313)
- A flaw exists that allows a stored cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via links upon submission to the 'blog/external_blog_edit.php' script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. (CVE-2013-4341)
- A flaw exists that is due to unserialized input in the 'badges/external.php' script. This may allow a remote attacker to inject objects leading to the deletion of arbitrary files via 'csv_export_writer::__destruct()' method in 'lib/csvlib.class.php' or conduct cross-site scripting (XSS) attacks via the 'core_badges_renderer::render_external_badge()' method in 'badges/renderer.php'. (CVE-2013-5674)

Solution

Upgrade to Moodle version 2.5.2 or later. If version 2.5.x cannot be obtained, versions 2.4.6 and 2.3.9 are also patched for these issues.

See Also

https://docs.moodle.org/dev/Moodle_2.3.9_release_notes

https://docs.moodle.org/dev/Moodle_2.4.6_release_notes

https://docs.moodle.org/dev/Moodle_2.5.2_release_notes

Plugin Details

Severity: High

ID: 9418

File Name: 9418.prm

Family: CGI

Published: 2016/07/21

Modified: 2016/07/21

Dependencies: 8690

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:moodle:moodle

Patch Publication Date: 2013/09/09

Vulnerability Publication Date: 2013/09/16

Reference Information

CVE: CVE-2012-6087, CVE-2013-4313, CVE-2013-4341, CVE-2013-5674

BID: 57104, 62277, 62408, 62410, 62411, 62412