Several remote vulnerabilities have been discovered in Moodle, an online course management system. The following issues are addressed in this update, ranging from cross site scripting to remote code execution.
Various cross site scripting issues in the Moodle codebase (CVE-2008-3326, CVE-2008-3325, CVE-2007-3555, CVE-2008-5432, MSA-08-0021, MDL-8849, MDL-12793, MDL-11414, MDL-14806, MDL-10276).
Various cross site request forgery issues in the Moodle codebase (CVE-2008-3325, MSA-08-0023).
Privilege escalation bugs in the Moodle codebase (MSA-08-0001, MDL-7755).
SQL injection issue in the hotpot module (MSA-08-0010).
An embedded copy of Smarty had several vulnerabilities (CVE-2008-4811, CVE-2008-4810 ). An embedded copy of Snoopy was vulnerable to cross site scripting (CVE-2008-4796 ). An embedded copy of Kses was vulnerable to cross site scripting (CVE-2008-1502 ).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1691. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(35254);
script_version("1.22");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2007-3555", "CVE-2008-1502", "CVE-2008-3325", "CVE-2008-3326", "CVE-2008-4796", "CVE-2008-4810", "CVE-2008-4811", "CVE-2008-5432", "CVE-2008-6124", "CVE-2008-6125");
script_bugtraq_id(28599, 31862, 31887);
script_xref(name:"DSA", value:"1691");
script_name(english:"Debian DSA-1691-1 : moodle - several vulnerabilities");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Several remote vulnerabilities have been discovered in Moodle, an
online course management system. The following issues are addressed in
this update, ranging from cross site scripting to remote code
execution.
Various cross site scripting issues in the Moodle codebase
(CVE-2008-3326, CVE-2008-3325, CVE-2007-3555, CVE-2008-5432,
MSA-08-0021, MDL-8849, MDL-12793, MDL-11414, MDL-14806, MDL-10276).
Various cross site request forgery issues in the Moodle codebase
(CVE-2008-3325, MSA-08-0023).
Privilege escalation bugs in the Moodle codebase (MSA-08-0001,
MDL-7755).
SQL injection issue in the hotpot module (MSA-08-0010).
An embedded copy of Smarty had several vulnerabilities (CVE-2008-4811,
CVE-2008-4810 ). An embedded copy of Snoopy was vulnerable to cross
site scripting (CVE-2008-4796 ). An embedded copy of Kses was
vulnerable to cross site scripting (CVE-2008-1502 )."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432264"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471158"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489533"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492492"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504235"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504345"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508593"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2008-3326"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2008-3325"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2007-3555"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2008-5432"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2008-3325"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2008-4811"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2008-4810"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2008-4796"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2008-1502"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2008/dsa-1691"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the moodle (1.6.3-2+etch1) package.
For the stable distribution (etch), these problems have been fixed in
version 1.6.3-2+etch1."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"d2_elliot_name", value:"Moodle <= 1.8.4 RCE");
script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
script_cwe_id(79, 89, 94, 264, 352);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:moodle");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/04");
script_set_attribute(attribute:"patch_publication_date", value:"2008/12/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/12/22");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"4.0", prefix:"moodle", reference:"1.6.3-2+etch1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
debian | debian_linux | moodle | p-cpe:/a:debian:debian_linux:moodle |
debian | debian_linux | 4.0 | cpe:/o:debian:debian_linux:4.0 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3555
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1502
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3325
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3326
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4810
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4811
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6125
bugs.debian.org/cgi-bin/bugreport.cgi?bug=432264
bugs.debian.org/cgi-bin/bugreport.cgi?bug=471158
bugs.debian.org/cgi-bin/bugreport.cgi?bug=489533
bugs.debian.org/cgi-bin/bugreport.cgi?bug=492492
bugs.debian.org/cgi-bin/bugreport.cgi?bug=504235
bugs.debian.org/cgi-bin/bugreport.cgi?bug=504345
bugs.debian.org/cgi-bin/bugreport.cgi?bug=508593
security-tracker.debian.org/tracker/CVE-2007-3555
security-tracker.debian.org/tracker/CVE-2008-1502
security-tracker.debian.org/tracker/CVE-2008-3325
security-tracker.debian.org/tracker/CVE-2008-3326
security-tracker.debian.org/tracker/CVE-2008-4796
security-tracker.debian.org/tracker/CVE-2008-4810
security-tracker.debian.org/tracker/CVE-2008-4811
security-tracker.debian.org/tracker/CVE-2008-5432
www.debian.org/security/2008/dsa-1691