ID CVE-2009-4298Type cveReporter cve@mitre.orgModified 2009-12-16T05:00:00
Description
The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.
{"id": "CVE-2009-4298", "bulletinFamily": "NVD", "title": "CVE-2009-4298", "description": "The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.", "published": "2009-12-16T01:30:00", "modified": "2009-12-16T05:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4298", "reporter": "cve@mitre.org", "references": ["http://docs.moodle.org/en/Moodle_1.8.11_release_notes", "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html", "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html", "http://docs.moodle.org/en/Moodle_1.9.7_release_notes", "http://www.securityfocus.com/bid/37244", "http://www.vupen.com/english/advisories/2009/3455", "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html", "http://secunia.com/advisories/37614", "http://moodle.org/mod/forum/discuss.php?d=139102"], "cvelist": ["CVE-2009-4298"], "type": "cve", "lastseen": "2019-05-29T18:10:01", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "96b09dd5aa552e5018961d003bf03b71"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "88c3046e8ff020d9ee2156f97e56b97a"}, {"key": "cpe23", "hash": "5a766638ccd786d1f2224d4c5517a350"}, {"key": "cvelist", "hash": "af56b8b7e7dced14a0697bf77b5e08a8"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "1d699dd0d3ebfaede252682f4cea0a88"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "b647a850fd42b235dd11ee60cf626f2d"}, {"key": "description", "hash": "23bd8b6b7d61d1b1da0be1c7c5ab1042"}, {"key": "href", "hash": "280c042a68e8b60af16fd88935fe7da2"}, {"key": "modified", "hash": "ab1042785af1f16e69e240af1471f97c"}, {"key": "published", "hash": "b919da275e4d1d146177241ac0babba2"}, {"key": "references", "hash": "bf99ad47be4f02bbb8c3358b9e837ff7"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "b9677f342b5af5edbb0726eaa8d37051"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "aa182d05659b5b05e85fd6b68dfb2e38a578f683c5193d3d61d76371a078b427", "viewCount": 0, "enchantments": {"score": {"value": 4.7, "vector": "NONE", "modified": "2019-05-29T18:10:01"}, "dependencies": {"references": [{"type": "nessus", "idList": ["FEDORA_2009-13080.NASL", "FEDORA_2009-13040.NASL", "SUSE_11_0_MOODLE-100208.NASL", "SUSE_11_1_MOODLE-100208.NASL", "DEBIAN_DSA-1986.NASL", "FEDORA_2009-13065.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:66807", "OPENVAS:136141256231066502", "OPENVAS:66502", "OPENVAS:66504", "OPENVAS:136141256231066807", "OPENVAS:136141256231066504"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23161", "SECURITYVULNS:VULN:10584"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1986-1:30EA2"]}], "modified": "2019-05-29T18:10:01"}, "vulnersScore": 4.7}, "objectVersion": "1.3", "cpe": ["cpe:/a:moodle:moodle:1.9.4", "cpe:/a:moodle:moodle:1.8.7", "cpe:/a:moodle:moodle:1.8.2", "cpe:/a:moodle:moodle:1.9.2", "cpe:/a:moodle:moodle:1.8.4", "cpe:/a:moodle:moodle:1.8", "cpe:/a:moodle:moodle:1.9.1", "cpe:/a:moodle:moodle:1.8.1", "cpe:/a:moodle:moodle:1.8.5", "cpe:/a:moodle:moodle:1.9", "cpe:/a:moodle:moodle:1.8.9", "cpe:/a:moodle:moodle:1.9.5", "cpe:/a:moodle:moodle:1.9.3", "cpe:/a:moodle:moodle:1.9.6", "cpe:/a:moodle:moodle:1.8.3", "cpe:/a:moodle:moodle:1.8.10", "cpe:/a:moodle:moodle:1.8.8"], "affectedSoftware": [{"name": "moodle moodle", "operator": "eq", "version": "1.8.10"}, {"name": "moodle moodle", "operator": "eq", "version": "1.9.1"}, {"name": "moodle moodle", "operator": "eq", "version": "1.8.2"}, {"name": "moodle moodle", "operator": "eq", "version": "1.8.1"}, {"name": "moodle moodle", "operator": "eq", "version": "1.8.5"}, {"name": "moodle moodle", "operator": "eq", "version": "1.8.8"}, {"name": "moodle moodle", "operator": "eq", "version": "1.9.4"}, {"name": "moodle moodle", "operator": "eq", "version": "1.8.3"}, {"name": "moodle moodle", "operator": "eq", "version": "1.8.4"}, {"name": "moodle moodle", "operator": "eq", "version": "1.8.7"}, {"name": "moodle moodle", "operator": "eq", "version": "1.8"}, {"name": "moodle moodle", "operator": "eq", "version": "1.9.3"}, {"name": "moodle moodle", "operator": "eq", "version": "1.9.2"}, {"name": "moodle moodle", "operator": "eq", "version": "1.8.9"}, {"name": "moodle moodle", "operator": "eq", "version": "1.9.5"}, {"name": "moodle moodle", "operator": "eq", "version": "1.9.6"}, {"name": "moodle moodle", "operator": "eq", "version": "1.9"}], "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*"], "cwe": ["CWE-200"]}
{"nessus": [{"lastseen": "2019-02-21T01:12:48", "bulletinFamily": "scanner", "description": "Moodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing multiple security issues. The list for 1.9.7 release:\n-------------------------- Security issues * MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023 - Fixed user account disclosure in LAMS module * MSA-09-0024 - Fixed insufficient access control in Glossary module\n\n - MSA-09-0025 - Unneeded MD5 hashes removed from user table * MSA-09-0026 - Fixed invalid application access control in MNET interface * MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins * MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data, new checks in the security overview report help admins identify dangerous backup permissions * MSA-09-0029 - A strong password policy is now enabled by default, enabling password salt in encouraged in config.php, admins are forced to change password after the upgrade and admins can force password change on other users via Bulk user actions * MSA-09-0030 - New detection of insecure Flash player plugins, Moodle won't serve Flash to insecure plugins * MSA-09-0031 - Fixed SQL injection in SCORM module The list for 1.8.11 release:\n ---------------------------- Security issues * MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023\n - Fixed user account disclosure in LAMS module * MSA-09-0024 - Fixed insufficient access control in Glossary module * MSA-09-0025 - Unneeded MD5 hashes removed from user table * MSA-09-0026 - Fixed invalid application access control in MNET interface * MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins * MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data * MSA-09-0029 - Enabling a password salt in encouraged in config.php and admins are forced to change password after the upgrade * MSA-09-0031 - Fixed SQL injection in SCORM module References: ----------- http://docs.moodle.org/en/Moodle_1.9.7_release_notes http://docs.moodle.org/en/Moodle_1.8.11_release_notes CVE Request: ------------ http://www.openwall.com/lists/oss-security/2009/12/06/1\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-20T00:00:00", "id": "FEDORA_2009-13080.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43123", "published": "2009-12-14T00:00:00", "title": "Fedora 11 : moodle-1.9.7-1.fc11 (2009-13080)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-13080.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43123);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/20 11:04:16\");\n\n script_cve_id(\"CVE-2009-4297\", \"CVE-2009-4298\", \"CVE-2009-4299\", \"CVE-2009-4300\", \"CVE-2009-4301\", \"CVE-2009-4302\", \"CVE-2009-4303\", \"CVE-2009-4304\", \"CVE-2009-4305\");\n script_xref(name:\"FEDORA\", value:\"2009-13080\");\n\n script_name(english:\"Fedora 11 : moodle-1.9.7-1.fc11 (2009-13080)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Moodle upstream has released latest stable versions (1.9.7 and\n1.8.11), fixing multiple security issues. The list for 1.9.7 release:\n-------------------------- Security issues * MSA-09-0022 - Multiple\nCSRF problems fixed * MSA-09-0023 - Fixed user account disclosure in\nLAMS module * MSA-09-0024 - Fixed insufficient access control in\nGlossary module\n\n - MSA-09-0025 - Unneeded MD5 hashes removed from user\n table * MSA-09-0026 - Fixed invalid application access\n control in MNET interface * MSA-09-0027 - Ensured login\n information is always sent secured when using SSL for\n logins * MSA-09-0028 - Passwords and secrets are no\n longer ever saved in backups, new backup capabilities\n moodle/backup:userinfo and moodle/restore:userinfo for\n controlling who can backup/restore user data, new checks\n in the security overview report help admins identify\n dangerous backup permissions * MSA-09-0029 - A strong\n password policy is now enabled by default, enabling\n password salt in encouraged in config.php, admins are\n forced to change password after the upgrade and admins\n can force password change on other users via Bulk user\n actions * MSA-09-0030 - New detection of insecure Flash\n player plugins, Moodle won't serve Flash to insecure\n plugins * MSA-09-0031 - Fixed SQL injection in SCORM\n module The list for 1.8.11 release:\n ---------------------------- Security issues *\n MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023\n - Fixed user account disclosure in LAMS module *\n MSA-09-0024 - Fixed insufficient access control in\n Glossary module * MSA-09-0025 - Unneeded MD5 hashes\n removed from user table * MSA-09-0026 - Fixed invalid\n application access control in MNET interface *\n MSA-09-0027 - Ensured login information is always sent\n secured when using SSL for logins * MSA-09-0028 -\n Passwords and secrets are no longer ever saved in\n backups, new backup capabilities moodle/backup:userinfo\n and moodle/restore:userinfo for controlling who can\n backup/restore user data * MSA-09-0029 - Enabling a\n password salt in encouraged in config.php and admins are\n forced to change password after the upgrade *\n MSA-09-0031 - Fixed SQL injection in SCORM module\n References: -----------\n http://docs.moodle.org/en/Moodle_1.9.7_release_notes\n http://docs.moodle.org/en/Moodle_1.8.11_release_notes\n CVE Request: ------------\n http://www.openwall.com/lists/oss-security/2009/12/06/1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://docs.moodle.org/en/Moodle_1.8.11_release_notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://docs.moodle.org/en/Moodle_1.8.11_release_notes\"\n );\n # http://docs.moodle.org/en/Moodle_1.9.7_release_notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://docs.moodle.org/en/Moodle_1.9.7_release_notes\"\n );\n # http://www.openwall.com/lists/oss-security/2009/12/06/1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2009/12/06/1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=544766\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032560.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90a0b47d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(89, 200, 255, 264, 310, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"moodle-1.9.7-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:02", "bulletinFamily": "scanner", "description": "This patch updates Moodle to the latest stable upstream version (1.9.7) fixing multiple security issues: CVE-2009-4297, CVE-2009-4298, CVE-2009-4299, CVE-2009-4300, CVE-2009-4301, CVE-2009-4302, CVE-2009-4303, CVE-2009-4304, CVE-2009-4305, MSA-09-0030 (New detection of insecure Flash player plugins)\n\nThe new version also has a completely new , more secure password handling. Beside other features, Admins will be asked to change their passwords next time they log in after upgrading.", "modified": "2016-12-21T00:00:00", "id": "SUSE_11_1_MOODLE-100208.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44613", "published": "2010-02-15T00:00:00", "title": "openSUSE Security Update : moodle (moodle-1933)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update moodle-1933.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44613);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:51 $\");\n\n script_cve_id(\"CVE-2009-4297\", \"CVE-2009-4298\", \"CVE-2009-4299\", \"CVE-2009-4300\", \"CVE-2009-4301\", \"CVE-2009-4302\", \"CVE-2009-4303\", \"CVE-2009-4304\", \"CVE-2009-4305\");\n\n script_name(english:\"openSUSE Security Update : moodle (moodle-1933)\");\n script_summary(english:\"Check for the moodle-1933 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This patch updates Moodle to the latest stable upstream version\n(1.9.7) fixing multiple security issues: CVE-2009-4297, CVE-2009-4298,\nCVE-2009-4299, CVE-2009-4300, CVE-2009-4301, CVE-2009-4302,\nCVE-2009-4303, CVE-2009-4304, CVE-2009-4305, MSA-09-0030 (New\ndetection of insecure Flash player plugins)\n\nThe new version also has a completely new , more secure password\nhandling. Beside other features, Admins will be asked to change their\npasswords next time they log in after upgrading.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564364\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(89, 200, 255, 264, 310, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de_du\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-mi_tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-zh_cn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-af-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ar-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-be-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-bg-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-bs-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ca-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-cs-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-da-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-de-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-de_du-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-el-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-es-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-et-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-eu-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-fa-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-fi-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-fr-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ga-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-gl-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-he-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-hi-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-hr-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-hu-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-id-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-is-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-it-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ja-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ka-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-km-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-kn-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ko-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-lt-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-lv-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-mi_tn-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ms-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-nl-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-nn-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-no-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-pl-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-pt-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ro-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ru-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sk-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sl-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-so-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sq-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sr-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sv-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-th-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-tl-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-tr-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-uk-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-vi-1.9.7-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-zh_cn-1.9.7-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:48", "bulletinFamily": "scanner", "description": "Moodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing multiple security issues. The list for 1.9.7 release:\n-------------------------- Security issues * MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023 - Fixed user account disclosure in LAMS module * MSA-09-0024 - Fixed insufficient access control in Glossary module\n\n - MSA-09-0025 - Unneeded MD5 hashes removed from user table * MSA-09-0026 - Fixed invalid application access control in MNET interface * MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins * MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data, new checks in the security overview report help admins identify dangerous backup permissions * MSA-09-0029 - A strong password policy is now enabled by default, enabling password salt in encouraged in config.php, admins are forced to change password after the upgrade and admins can force password change on other users via Bulk user actions * MSA-09-0030 - New detection of insecure Flash player plugins, Moodle won't serve Flash to insecure plugins * MSA-09-0031 - Fixed SQL injection in SCORM module The list for 1.8.11 release:\n ---------------------------- Security issues * MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023\n - Fixed user account disclosure in LAMS module * MSA-09-0024 - Fixed insufficient access control in Glossary module * MSA-09-0025 - Unneeded MD5 hashes removed from user table * MSA-09-0026 - Fixed invalid application access control in MNET interface * MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins * MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data * MSA-09-0029 - Enabling a password salt in encouraged in config.php and admins are forced to change password after the upgrade * MSA-09-0031 - Fixed SQL injection in SCORM module References: ----------- http://docs.moodle.org/en/Moodle_1.9.7_release_notes http://docs.moodle.org/en/Moodle_1.8.11_release_notes CVE Request: ------------ http://www.openwall.com/lists/oss-security/2009/12/06/1\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-20T00:00:00", "id": "FEDORA_2009-13065.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43121", "published": "2009-12-14T00:00:00", "title": "Fedora 12 : moodle-1.9.7-1.fc12 (2009-13065)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-13065.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43121);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/20 11:04:16\");\n\n script_cve_id(\"CVE-2009-4297\", \"CVE-2009-4298\", \"CVE-2009-4299\", \"CVE-2009-4300\", \"CVE-2009-4301\", \"CVE-2009-4302\", \"CVE-2009-4303\", \"CVE-2009-4304\", \"CVE-2009-4305\");\n script_xref(name:\"FEDORA\", value:\"2009-13065\");\n\n script_name(english:\"Fedora 12 : moodle-1.9.7-1.fc12 (2009-13065)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Moodle upstream has released latest stable versions (1.9.7 and\n1.8.11), fixing multiple security issues. The list for 1.9.7 release:\n-------------------------- Security issues * MSA-09-0022 - Multiple\nCSRF problems fixed * MSA-09-0023 - Fixed user account disclosure in\nLAMS module * MSA-09-0024 - Fixed insufficient access control in\nGlossary module\n\n - MSA-09-0025 - Unneeded MD5 hashes removed from user\n table * MSA-09-0026 - Fixed invalid application access\n control in MNET interface * MSA-09-0027 - Ensured login\n information is always sent secured when using SSL for\n logins * MSA-09-0028 - Passwords and secrets are no\n longer ever saved in backups, new backup capabilities\n moodle/backup:userinfo and moodle/restore:userinfo for\n controlling who can backup/restore user data, new checks\n in the security overview report help admins identify\n dangerous backup permissions * MSA-09-0029 - A strong\n password policy is now enabled by default, enabling\n password salt in encouraged in config.php, admins are\n forced to change password after the upgrade and admins\n can force password change on other users via Bulk user\n actions * MSA-09-0030 - New detection of insecure Flash\n player plugins, Moodle won't serve Flash to insecure\n plugins * MSA-09-0031 - Fixed SQL injection in SCORM\n module The list for 1.8.11 release:\n ---------------------------- Security issues *\n MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023\n - Fixed user account disclosure in LAMS module *\n MSA-09-0024 - Fixed insufficient access control in\n Glossary module * MSA-09-0025 - Unneeded MD5 hashes\n removed from user table * MSA-09-0026 - Fixed invalid\n application access control in MNET interface *\n MSA-09-0027 - Ensured login information is always sent\n secured when using SSL for logins * MSA-09-0028 -\n Passwords and secrets are no longer ever saved in\n backups, new backup capabilities moodle/backup:userinfo\n and moodle/restore:userinfo for controlling who can\n backup/restore user data * MSA-09-0029 - Enabling a\n password salt in encouraged in config.php and admins are\n forced to change password after the upgrade *\n MSA-09-0031 - Fixed SQL injection in SCORM module\n References: -----------\n http://docs.moodle.org/en/Moodle_1.9.7_release_notes\n http://docs.moodle.org/en/Moodle_1.8.11_release_notes\n CVE Request: ------------\n http://www.openwall.com/lists/oss-security/2009/12/06/1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://docs.moodle.org/en/Moodle_1.8.11_release_notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://docs.moodle.org/en/Moodle_1.8.11_release_notes\"\n );\n # http://docs.moodle.org/en/Moodle_1.9.7_release_notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://docs.moodle.org/en/Moodle_1.9.7_release_notes\"\n );\n # http://www.openwall.com/lists/oss-security/2009/12/06/1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2009/12/06/1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=544766\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032539.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5c9a6869\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(89, 200, 255, 264, 310, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"moodle-1.9.7-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:06", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-4297 Multiple cross-site request forgery (CSRF) vulnerabilities have been discovered.\n\n - CVE-2009-4298 It has been discovered that the LAMS module is prone to the disclosure of user account information.\n\n - CVE-2009-4299 The Glossary module has an insufficient access control mechanism.\n\n - CVE-2009-4301 Moodle does not properly check permissions when the MNET service is enabled, which allows remote authenticated servers to execute arbitrary MNET functions.\n\n - CVE-2009-4302 The login/index_form.html page links to an HTTP page instead of using an SSL secured connection.\n\n - CVE-2009-4303 Moodle stores sensitive data in backup files, which might make it possible for attackers to obtain them.\n\n - CVE-2009-4305 It has been discovered that the SCORM module is prone to a SQL injection.\n\nAdditionally, a SQL injection in the update_record function, a problem with symbolic links and a verification problem with Glossary, database and forum ratings have been fixed.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-1986.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44850", "published": "2010-02-24T00:00:00", "title": "Debian DSA-1986-1 : moodle - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1986. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44850);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2009-4297\", \"CVE-2009-4298\", \"CVE-2009-4299\", \"CVE-2009-4301\", \"CVE-2009-4302\", \"CVE-2009-4303\", \"CVE-2009-4305\");\n script_xref(name:\"DSA\", value:\"1986\");\n\n script_name(english:\"Debian DSA-1986-1 : moodle - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Moodle, an online\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2009-4297\n Multiple cross-site request forgery (CSRF)\n vulnerabilities have been discovered.\n\n - CVE-2009-4298\n It has been discovered that the LAMS module is prone to\n the disclosure of user account information.\n\n - CVE-2009-4299\n The Glossary module has an insufficient access control\n mechanism.\n\n - CVE-2009-4301\n Moodle does not properly check permissions when the MNET\n service is enabled, which allows remote authenticated\n servers to execute arbitrary MNET functions.\n\n - CVE-2009-4302\n The login/index_form.html page links to an HTTP page\n instead of using an SSL secured connection.\n\n - CVE-2009-4303\n Moodle stores sensitive data in backup files, which\n might make it possible for attackers to obtain them.\n\n - CVE-2009-4305\n It has been discovered that the SCORM module is prone to\n a SQL injection.\n\nAdditionally, a SQL injection in the update_record function, a problem\nwith symbolic links and a verification problem with Glossary, database\nand forum ratings have been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-1986\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the moodle packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.8.2.dfsg-3+lenny3.\n\nFor the oldstable distribution (etch), there are no fixed packages\navailable and it is too hard to backport many of the fixes. Therefore,\nwe recommend to upgrade to the lenny version.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(89, 200, 264, 310, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"moodle\", reference:\"1.8.2.dfsg-3+lenny3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:48", "bulletinFamily": "scanner", "description": "Moodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing multiple security issues. The list for 1.9.7 release:\n-------------------------- Security issues * MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023 - Fixed user account disclosure in LAMS module * MSA-09-0024 - Fixed insufficient access control in Glossary module\n\n - MSA-09-0025 - Unneeded MD5 hashes removed from user table * MSA-09-0026 - Fixed invalid application access control in MNET interface * MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins * MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data, new checks in the security overview report help admins identify dangerous backup permissions * MSA-09-0029 - A strong password policy is now enabled by default, enabling password salt in encouraged in config.php, admins are forced to change password after the upgrade and admins can force password change on other users via Bulk user actions * MSA-09-0030 - New detection of insecure Flash player plugins, Moodle won't serve Flash to insecure plugins * MSA-09-0031 - Fixed SQL injection in SCORM module The list for 1.8.11 release:\n ---------------------------- Security issues * MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023\n - Fixed user account disclosure in LAMS module * MSA-09-0024 - Fixed insufficient access control in Glossary module * MSA-09-0025 - Unneeded MD5 hashes removed from user table * MSA-09-0026 - Fixed invalid application access control in MNET interface * MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins * MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data * MSA-09-0029 - Enabling a password salt in encouraged in config.php and admins are forced to change password after the upgrade * MSA-09-0031 - Fixed SQL injection in SCORM module References: ----------- http://docs.moodle.org/en/Moodle_1.9.7_release_notes http://docs.moodle.org/en/Moodle_1.8.11_release_notes CVE Request: ------------ http://www.openwall.com/lists/oss-security/2009/12/06/1\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2009-13040.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43119", "published": "2009-12-14T00:00:00", "title": "Fedora 10 : moodle-1.9.7-1.fc10 (2009-13040)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-13040.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43119);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/28 22:47:43\");\n\n script_cve_id(\"CVE-2009-4297\", \"CVE-2009-4298\", \"CVE-2009-4299\", \"CVE-2009-4300\", \"CVE-2009-4301\", \"CVE-2009-4302\", \"CVE-2009-4303\", \"CVE-2009-4304\", \"CVE-2009-4305\");\n script_bugtraq_id(31887, 32402, 34278);\n script_xref(name:\"FEDORA\", value:\"2009-13040\");\n\n script_name(english:\"Fedora 10 : moodle-1.9.7-1.fc10 (2009-13040)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Moodle upstream has released latest stable versions (1.9.7 and\n1.8.11), fixing multiple security issues. The list for 1.9.7 release:\n-------------------------- Security issues * MSA-09-0022 - Multiple\nCSRF problems fixed * MSA-09-0023 - Fixed user account disclosure in\nLAMS module * MSA-09-0024 - Fixed insufficient access control in\nGlossary module\n\n - MSA-09-0025 - Unneeded MD5 hashes removed from user\n table * MSA-09-0026 - Fixed invalid application access\n control in MNET interface * MSA-09-0027 - Ensured login\n information is always sent secured when using SSL for\n logins * MSA-09-0028 - Passwords and secrets are no\n longer ever saved in backups, new backup capabilities\n moodle/backup:userinfo and moodle/restore:userinfo for\n controlling who can backup/restore user data, new checks\n in the security overview report help admins identify\n dangerous backup permissions * MSA-09-0029 - A strong\n password policy is now enabled by default, enabling\n password salt in encouraged in config.php, admins are\n forced to change password after the upgrade and admins\n can force password change on other users via Bulk user\n actions * MSA-09-0030 - New detection of insecure Flash\n player plugins, Moodle won't serve Flash to insecure\n plugins * MSA-09-0031 - Fixed SQL injection in SCORM\n module The list for 1.8.11 release:\n ---------------------------- Security issues *\n MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023\n - Fixed user account disclosure in LAMS module *\n MSA-09-0024 - Fixed insufficient access control in\n Glossary module * MSA-09-0025 - Unneeded MD5 hashes\n removed from user table * MSA-09-0026 - Fixed invalid\n application access control in MNET interface *\n MSA-09-0027 - Ensured login information is always sent\n secured when using SSL for logins * MSA-09-0028 -\n Passwords and secrets are no longer ever saved in\n backups, new backup capabilities moodle/backup:userinfo\n and moodle/restore:userinfo for controlling who can\n backup/restore user data * MSA-09-0029 - Enabling a\n password salt in encouraged in config.php and admins are\n forced to change password after the upgrade *\n MSA-09-0031 - Fixed SQL injection in SCORM module\n References: -----------\n http://docs.moodle.org/en/Moodle_1.9.7_release_notes\n http://docs.moodle.org/en/Moodle_1.8.11_release_notes\n CVE Request: ------------\n http://www.openwall.com/lists/oss-security/2009/12/06/1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://docs.moodle.org/en/Moodle_1.8.11_release_notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://docs.moodle.org/en/Moodle_1.8.11_release_notes\"\n );\n # http://docs.moodle.org/en/Moodle_1.9.7_release_notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://docs.moodle.org/en/Moodle_1.9.7_release_notes\"\n );\n # http://www.openwall.com/lists/oss-security/2009/12/06/1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2009/12/06/1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=544766\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032513.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f244692\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(89, 200, 255, 264, 310, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"moodle-1.9.7-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:02", "bulletinFamily": "scanner", "description": "This patch updates Moodle to the latest stable upstream version (1.9.7) fixing multiple security issues: CVE-2009-4297, CVE-2009-4298, CVE-2009-4299, CVE-2009-4300, CVE-2009-4301, CVE-2009-4302, CVE-2009-4303, CVE-2009-4304, CVE-2009-4305, MSA-09-0030 (New detection of insecure Flash player plugins)\n\nThe new version also has a completely new , more secure password handling. Beside other features, Admins will be asked to change their passwords next time they log in after upgrading.", "modified": "2016-12-21T00:00:00", "id": "SUSE_11_0_MOODLE-100208.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44608", "published": "2010-02-15T00:00:00", "title": "openSUSE Security Update : moodle (moodle-1933)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update moodle-1933.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44608);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:50 $\");\n\n script_cve_id(\"CVE-2009-4297\", \"CVE-2009-4298\", \"CVE-2009-4299\", \"CVE-2009-4300\", \"CVE-2009-4301\", \"CVE-2009-4302\", \"CVE-2009-4303\", \"CVE-2009-4304\", \"CVE-2009-4305\");\n\n script_name(english:\"openSUSE Security Update : moodle (moodle-1933)\");\n script_summary(english:\"Check for the moodle-1933 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This patch updates Moodle to the latest stable upstream version\n(1.9.7) fixing multiple security issues: CVE-2009-4297, CVE-2009-4298,\nCVE-2009-4299, CVE-2009-4300, CVE-2009-4301, CVE-2009-4302,\nCVE-2009-4303, CVE-2009-4304, CVE-2009-4305, MSA-09-0030 (New\ndetection of insecure Flash player plugins)\n\nThe new version also has a completely new , more secure password\nhandling. Beside other features, Admins will be asked to change their\npasswords next time they log in after upgrading.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564364\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(89, 200, 255, 264, 310, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de_du\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-mi_tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-zh_cn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-af-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ar-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-be-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-bg-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-bs-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ca-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-cs-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-da-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-de-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-de_du-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-el-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-es-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-et-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-eu-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-fa-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-fi-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-fr-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ga-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-gl-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-he-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-hi-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-hr-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-hu-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-id-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-is-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-it-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ja-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ka-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-km-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-kn-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ko-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-lt-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-lv-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-mi_tn-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ms-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-nl-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-nn-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-no-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-pl-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-pt-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ro-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ru-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sk-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sl-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-so-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sq-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sr-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sv-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-th-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-tl-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-tr-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-uk-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-vi-1.9.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-zh_cn-1.9.7-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:28", "bulletinFamily": "scanner", "description": "The remote host is missing an update to moodle\nannounced via advisory DSA 1986-1.", "modified": "2017-07-07T00:00:00", "published": "2010-02-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66807", "id": "OPENVAS:66807", "title": "Debian Security Advisory DSA 1986-1 (moodle)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1986_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 1986-1 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in Moodle, an online\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2009-4297\n\nMultiple cross-site request forgery (CSRF) vulnerabilities have been\ndiscovered.\n\nCVE-2009-4298\n\nIt has been discovered that the LAMS module is prone to the disclosure\nof user account information.\n\nCVE-2009-4299\n\nThe Glossary module has an insufficient access control mechanism.\n\nCVE-2009-4301\n\nMoodle does not properly check permissions when the MNET service is\nenabled, which allows remote authenticated servers to execute arbitrary\nMNET functions.\n\nCVE-2009-4302\n\nThe login/index_form.html page links to an HTTP page instead of using an\nSSL secured connection.\n\nCVE-2009-4303\n\nMoodle stores sensitive data in backup files, which might make it\npossible for attackers to obtain them.\n\nCVE-2009-4305\n\nIt has been discovered that the SCORM module is prone to an SQL\ninjection.\n\nAdditionally, an SQL injection in the update_record function, a problem\nwith symbolic links and a verification problem with Glossary, database\nand forum ratings have been fixed.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.8.2.dfsg-3+lenny3.\n\nFor the oldstable distribution (etch), there are no fixed packages\navailable and it is too hard to backport many of the fixes. Therefore,\nwe recommend to upgrade to the lenny version.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 1.8.2.dfsg-6.\n\n\nWe recommend that you upgrade your moodle packages.\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory DSA 1986-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201986-1\";\n\n\nif(description)\n{\n script_id(66807);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-10 21:51:26 +0100 (Wed, 10 Feb 2010)\");\n script_cve_id(\"CVE-2009-4297\", \"CVE-2009-4298\", \"CVE-2009-4299\", \"CVE-2009-4301\", \"CVE-2009-4302\", \"CVE-2009-4303\", \"CVE-2009-4305\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1986-1 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.8.2.dfsg-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-13065.", "modified": "2018-04-06T00:00:00", "published": "2009-12-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066502", "id": "OPENVAS:136141256231066502", "type": "openvas", "title": "Fedora Core 12 FEDORA-2009-13065 (moodle)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13065.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13065 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMoodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing\nmultiple security issues. For details, please visit the referenced\nsecurity advisroies.\n\nChangeLog:\n\n* Tue Dec 8 2009 Jon Ciesla - 1.9.7-1\n- Update to 1.9.7, BZ 544766.\n* Thu Nov 5 2009 Jon Ciesla - 1.9.6-2\n- Reverted erroneous cron fix.\n* Thu Nov 5 2009 Jon Ciesla - 1.9.6-1\n- Update to 1.9.6.\n- Make moodle-cron honor lock, BZ 533171.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13065\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-13065.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66502\");\n script_version(\"$Revision: 9350 $\");\n script_cve_id(\"CVE-2009-4297\", \"CVE-2009-4298\", \"CVE-2009-4299\", \"CVE-2009-4300\",\n \"CVE-2009-4301\", \"CVE-2009-4302\", \"CVE-2009-4303\", \"CVE-2009-4304\",\n \"CVE-2009-4305\");\n script_bugtraq_id(37244);\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 12 FEDORA-2009-13065 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=544766\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-dv\", rpm:\"moodle-dv~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ur\", rpm:\"moodle-ur~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-03T10:55:01", "bulletinFamily": "scanner", "description": "The remote host is missing an update to moodle\nannounced via advisory DSA 1986-1.", "modified": "2018-01-02T00:00:00", "published": "2010-02-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066807", "id": "OPENVAS:136141256231066807", "type": "openvas", "title": "Debian Security Advisory DSA 1986-1 (moodle)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1986_1.nasl 8269 2018-01-02 07:28:22Z teissa $\n# Description: Auto-generated from advisory DSA 1986-1 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in Moodle, an online\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2009-4297\n\nMultiple cross-site request forgery (CSRF) vulnerabilities have been\ndiscovered.\n\nCVE-2009-4298\n\nIt has been discovered that the LAMS module is prone to the disclosure\nof user account information.\n\nCVE-2009-4299\n\nThe Glossary module has an insufficient access control mechanism.\n\nCVE-2009-4301\n\nMoodle does not properly check permissions when the MNET service is\nenabled, which allows remote authenticated servers to execute arbitrary\nMNET functions.\n\nCVE-2009-4302\n\nThe login/index_form.html page links to an HTTP page instead of using an\nSSL secured connection.\n\nCVE-2009-4303\n\nMoodle stores sensitive data in backup files, which might make it\npossible for attackers to obtain them.\n\nCVE-2009-4305\n\nIt has been discovered that the SCORM module is prone to an SQL\ninjection.\n\nAdditionally, an SQL injection in the update_record function, a problem\nwith symbolic links and a verification problem with Glossary, database\nand forum ratings have been fixed.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.8.2.dfsg-3+lenny3.\n\nFor the oldstable distribution (etch), there are no fixed packages\navailable and it is too hard to backport many of the fixes. Therefore,\nwe recommend to upgrade to the lenny version.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 1.8.2.dfsg-6.\n\n\nWe recommend that you upgrade your moodle packages.\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory DSA 1986-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201986-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66807\");\n script_version(\"$Revision: 8269 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-10 21:51:26 +0100 (Wed, 10 Feb 2010)\");\n script_cve_id(\"CVE-2009-4297\", \"CVE-2009-4298\", \"CVE-2009-4299\", \"CVE-2009-4301\", \"CVE-2009-4302\", \"CVE-2009-4303\", \"CVE-2009-4305\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1986-1 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.8.2.dfsg-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:36", "bulletinFamily": "scanner", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-13080.", "modified": "2018-04-06T00:00:00", "published": "2009-12-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066504", "id": "OPENVAS:136141256231066504", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-13080 (moodle)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13080.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13080 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMoodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing\nmultiple security issues. For details, please visit the referenced\nsecurity advisoires.\n\nChangeLog:\n\n* Tue Dec 8 2009 Jon Ciesla - 1.9.7-1\n- Update to 1.9.7, BZ 544766.\n* Thu Nov 5 2009 Jon Ciesla - 1.9.6-2\n- Reverted erroneous cron fix.\n* Thu Nov 5 2009 Jon Ciesla - 1.9.6-1\n- Update to 1.9.6.\n- Make moodle-cron honor lock, BZ 533171.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13080\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-13080.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66504\");\n script_version(\"$Revision: 9350 $\");\n script_cve_id(\"CVE-2009-4297\", \"CVE-2009-4298\", \"CVE-2009-4299\", \"CVE-2009-4300\",\n \"CVE-2009-4301\", \"CVE-2009-4302\", \"CVE-2009-4303\", \"CVE-2009-4304\",\n \"CVE-2009-4305\");\n script_bugtraq_id(37244);\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-13080 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=544766\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-dv\", rpm:\"moodle-dv~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ur\", rpm:\"moodle-ur~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-13080.", "modified": "2017-07-10T00:00:00", "published": "2009-12-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66504", "id": "OPENVAS:66504", "title": "Fedora Core 11 FEDORA-2009-13080 (moodle)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13080.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13080 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMoodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing\nmultiple security issues. For details, please visit the referenced\nsecurity advisoires.\n\nChangeLog:\n\n* Tue Dec 8 2009 Jon Ciesla - 1.9.7-1\n- Update to 1.9.7, BZ 544766.\n* Thu Nov 5 2009 Jon Ciesla - 1.9.6-2\n- Reverted erroneous cron fix.\n* Thu Nov 5 2009 Jon Ciesla - 1.9.6-1\n- Update to 1.9.6.\n- Make moodle-cron honor lock, BZ 533171.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13080\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-13080.\";\n\n\n\nif(description)\n{\n script_id(66504);\n script_version(\"$Revision: 6624 $\");\n script_cve_id(\"CVE-2009-4297\", \"CVE-2009-4298\", \"CVE-2009-4299\", \"CVE-2009-4300\",\n \"CVE-2009-4301\", \"CVE-2009-4302\", \"CVE-2009-4303\", \"CVE-2009-4304\",\n \"CVE-2009-4305\");\n script_bugtraq_id(37244);\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-13080 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=544766\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-dv\", rpm:\"moodle-dv~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ur\", rpm:\"moodle-ur~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.7~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:58", "bulletinFamily": "scanner", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-13065.", "modified": "2017-07-10T00:00:00", "published": "2009-12-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66502", "id": "OPENVAS:66502", "title": "Fedora Core 12 FEDORA-2009-13065 (moodle)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13065.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13065 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMoodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing\nmultiple security issues. For details, please visit the referenced\nsecurity advisroies.\n\nChangeLog:\n\n* Tue Dec 8 2009 Jon Ciesla - 1.9.7-1\n- Update to 1.9.7, BZ 544766.\n* Thu Nov 5 2009 Jon Ciesla - 1.9.6-2\n- Reverted erroneous cron fix.\n* Thu Nov 5 2009 Jon Ciesla - 1.9.6-1\n- Update to 1.9.6.\n- Make moodle-cron honor lock, BZ 533171.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13065\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-13065.\";\n\n\n\nif(description)\n{\n script_id(66502);\n script_version(\"$Revision: 6624 $\");\n script_cve_id(\"CVE-2009-4297\", \"CVE-2009-4298\", \"CVE-2009-4299\", \"CVE-2009-4300\",\n \"CVE-2009-4301\", \"CVE-2009-4302\", \"CVE-2009-4303\", \"CVE-2009-4304\",\n \"CVE-2009-4305\");\n script_bugtraq_id(37244);\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 12 FEDORA-2009-13065 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=544766\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-dv\", rpm:\"moodle-dv~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ur\", rpm:\"moodle-ur~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.7~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:21:53", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1986-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nFebruary 02, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : moodle \nVulnerability : several vulnerabilities\nProblem type : remote \nDebian-specific: no \nCVE IDs : CVE-2009-4297 CVE-2009-4298 CVE-2009-4299 CVE-2009-4301\n CVE-2009-4302 CVE-2009-4303 CVE-2009-4305 \nDebian Bugs : 559531 \n\n\nSeveral vulnerabilities have been discovered in Moodle, an online\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems: \n\nCVE-2009-4297\n\nMultiple cross-site request forgery (CSRF) vulnerabilities have been\ndiscovered. \n\nCVE-2009-4298\n\nIt has been discovered that the LAMS module is prone to the disclosure\nof user account information. \n\nCVE-2009-4299\n\nThe Glossary module has an insufficient access control mechanism.\n\nCVE-2009-4301\n\nMoodle does not properly check permissions when the MNET service is\nenabled, which allows remote authenticated servers to execute arbitrary\nMNET functions.\n\nCVE-2009-4302\n\nThe login/index_form.html page links to an HTTP page instead of using an\nSSL secured connection.\n\nCVE-2009-4303\n\nMoodle stores sensitive data in backup files, which might make it\npossible for attackers to obtain them.\n\nCVE-2009-4305\n\nIt has been discovered that the SCORM module is prone to an SQL\ninjection.\n\nAdditionally, an SQL injection in the update_record function, a problem\nwith symbolic links and a verification problem with Glossary, database\nand forum ratings have been fixed.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1.8.2.dfsg-3+lenny3.\n\nFor the oldstable distribution (etch), there are no fixed packages\navailable and it is too hard to backport many of the fixes. Therefore,\nwe recommend to upgrade to the lenny version.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 1.8.2.dfsg-6.\n\n\nWe recommend that you upgrade your moodle packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny3.dsc\n Size/MD5 checksum: 1332 e6692ee05c7eda37d36ef9a0d24ce2ae\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg.orig.tar.gz\n Size/MD5 checksum: 10162497 d116f83641c70216a94168aa2c303004\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny3.diff.gz\n Size/MD5 checksum: 67070 e8843f3e443495842705c040c0d98779\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny3_all.deb\n Size/MD5 checksum: 8628382 1985ebd60f8f9f2fb03a25e9b0c58c50\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-02-02T19:16:42", "published": "2010-02-02T19:16:42", "id": "DEBIAN:DSA-1986-1:30EA2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00026.html", "title": "[SECURITY] [DSA 1986-1] New moodle packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1986-1 security@debian.org\r\nhttp://www.debian.org/security/ Steffen Joeris\r\nFebruary 02, 2010 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : moodle \r\nVulnerability : several vulnerabilities\r\nProblem type : remote \r\nDebian-specific: no \r\nCVE IDs : CVE-2009-4297 CVE-2009-4298 CVE-2009-4299 CVE-2009-4301\r\n CVE-2009-4302 CVE-2009-4303 CVE-2009-4305 \r\nDebian Bugs : 559531 \r\n\r\n\r\nSeveral vulnerabilities have been discovered in Moodle, an online\r\ncourse management system. The Common Vulnerabilities and Exposures\r\nproject identifies the following problems: \r\n\r\nCVE-2009-4297\r\n\r\nMultiple cross-site request forgery (CSRF) vulnerabilities have been\r\ndiscovered. \r\n\r\nCVE-2009-4298\r\n\r\nIt has been discovered that the LAMS module is prone to the disclosure\r\nof user account information. \r\n\r\nCVE-2009-4299\r\n\r\nThe Glossary module has an insufficient access control mechanism.\r\n\r\nCVE-2009-4301\r\n\r\nMoodle does not properly check permissions when the MNET service is\r\nenabled, which allows remote authenticated servers to execute arbitrary\r\nMNET functions.\r\n\r\nCVE-2009-4302\r\n\r\nThe login/index_form.html page links to an HTTP page instead of using an\r\nSSL secured connection.\r\n\r\nCVE-2009-4303\r\n\r\nMoodle stores sensitive data in backup files, which might make it\r\npossible for attackers to obtain them.\r\n\r\nCVE-2009-4305\r\n\r\nIt has been discovered that the SCORM module is prone to an SQL\r\ninjection.\r\n\r\nAdditionally, an SQL injection in the update_record function, a problem\r\nwith symbolic links and a verification problem with Glossary, database\r\nand forum ratings have been fixed.\r\n\r\n\r\nFor the stable distribution (lenny), these problems have been fixed in\r\nversion 1.8.2.dfsg-3+lenny3.\r\n\r\nFor the oldstable distribution (etch), there are no fixed packages\r\navailable and it is too hard to backport many of the fixes. Therefore,\r\nwe recommend to upgrade to the lenny version.\r\n\r\nFor the testing distribution (squeeze) and the unstable distribution\r\n(sid), these problems have been fixed in version 1.8.2.dfsg-6.\r\n\r\n\r\nWe recommend that you upgrade your moodle packages.\r\n\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny3.dsc\r\n Size/MD5 checksum: 1332 e6692ee05c7eda37d36ef9a0d24ce2ae\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg.orig.tar.gz\r\n Size/MD5 checksum: 10162497 d116f83641c70216a94168aa2c303004\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny3.diff.gz\r\n Size/MD5 checksum: 67070 e8843f3e443495842705c040c0d98779\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny3_all.deb\r\n Size/MD5 checksum: 8628382 1985ebd60f8f9f2fb03a25e9b0c58c50\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAktoecgACgkQ62zWxYk/rQe57QCfVN1fhshCzlLxiQBhNUzAHspM\r\nrrcAnjTYkLYcdwNBFMjZ32wFWbCEgoD1\r\n=YJFS\r\n-----END PGP SIGNATURE-----", "modified": "2010-02-04T00:00:00", "published": "2010-02-04T00:00:00", "id": "SECURITYVULNS:DOC:23161", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23161", "title": "[SECURITY] [DSA 1986-1] New moodle packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:35", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2010-02-04T00:00:00", "published": "2010-02-04T00:00:00", "id": "SECURITYVULNS:VULN:10584", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10584", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
