Search...

Fedora 9 : moodle-1.9.4-6.fc9 (2009-3283)

2009-04-03T00:00:00

ID FEDORA_2009-3283.NASL
Type nessus
Reporter Tenable
Modified 2016-05-20T00:00:00

Description

CVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a '$$' sequence, which causes LaTeX to include the contents of the file. Upstream bug and CVS commit: http://tracker.moodle.org/browse/MDL-18552 http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18 .4.5

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2009-3283.
#

include("compat.inc");

if (description)
{
  script_id(36077);
  script_version ("$Revision: 1.14 $");
  script_cvs_date("$Date: 2016/05/20 13:54:17 $");

  script_cve_id("CVE-2009-1171");
  script_bugtraq_id(34278);
  script_xref(name:"EDB-ID", value:"8297");
  script_xref(name:"FEDORA", value:"2009-3283");

  script_name(english:"Fedora 9 : moodle-1.9.4-6.fc9 (2009-3283)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"CVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before
1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted
attackers to read arbitrary files via an input command in a '$$'
sequence, which causes LaTeX to include the contents of the file.
Upstream bug and CVS commit:
http://tracker.moodle.org/browse/MDL-18552
http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18
.4.5

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0321ab9a"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://git.catalyst.net.nz/gw?p="
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=cc9"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://tracker.moodle.org/browse/MDL-18552"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.securityfocus.com/archive/1/archive/1/502231/100/0/threaded"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.securityfocus.com/bid/34278"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022025.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6913af45"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected moodle package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:moodle");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" &gt;!&lt; release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" &gt;!&lt; cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC9", reference:"moodle-1.9.4-6.fc9")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moodle");
}

JSON Vulners Source

Initial Source

{"id": "FEDORA_2009-3283.NASL", "bulletinFamily": "scanner", "title": "Fedora 9 : moodle-1.9.4-6.fc9 (2009-3283)", "description": "CVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a '$$' sequence, which causes LaTeX to include the contents of the file.\nUpstream bug and CVS commit:\nhttp://tracker.moodle.org/browse/MDL-18552 http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18 .4.5\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-04-03T00:00:00", "modified": "2016-05-20T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36077", "reporter": "Tenable", "references": ["http://www.nessus.org/u?6913af45", "http://www.securityfocus.com/archive/1/archive/1/502231/100/0/threaded", "http://git.catalyst.net.nz/gw?p=", "http://www.nessus.org/u?0321ab9a", "http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=cc9", "http://tracker.moodle.org/browse/MDL-18552", "http://www.securityfocus.com/bid/34278"], "cvelist": ["CVE-2009-1171"], "type": "nessus", "lastseen": "2017-10-29T13:41:52", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2009-1171"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "CVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a '$$' sequence, which causes LaTeX to include the contents of the file.\nUpstream bug and CVS commit:\nhttp://tracker.moodle.org/browse/MDL-18552 http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18 .4.5\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "f5ce6ca1ad09e57e90c3a706b852c3290c22f60caab8b50052ad13047fabd373", "hashmap": [{"hash": "30f8a3cd16450f4fae9f6381156dd10d", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "5339523ee1764037b9b5da5c40661fd9", "key": "title"}, {"hash": "99d86f0e4ad5785122cf9d8a566bf733", "key": "href"}, {"hash": "284eed3b1f61c6014a6323bdffd1a197", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1eb09b1b87507b37457999d05d657ae6", "key": "pluginID"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "04deda74ca93a324cee3b318a1db28e9", "key": "references"}, {"hash": "306bdcf6373f0b99c6375cecc8a5f0e3", "key": "sourceData"}, {"hash": "1de2ce6ca71fb934a81b7571ff584a21", "key": "description"}, {"hash": "668f84a5b287855c16f3f35d3c8107fa", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36077", "id": "FEDORA_2009-3283.NASL", "lastseen": "2016-09-26T17:25:38", "modified": "2016-05-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "36077", "published": "2009-04-03T00:00:00", "references": ["http://www.nessus.org/u?6913af45", "http://www.securityfocus.com/archive/1/archive/1/502231/100/0/threaded", "http://git.catalyst.net.nz/gw?p=", "http://www.nessus.org/u?0321ab9a", "http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=cc9", "http://tracker.moodle.org/browse/MDL-18552", "http://www.securityfocus.com/bid/34278"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-3283.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36077);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/05/20 13:54:17 $\");\n\n script_cve_id(\"CVE-2009-1171\");\n script_bugtraq_id(34278);\n script_xref(name:\"EDB-ID\", value:\"8297\");\n script_xref(name:\"FEDORA\", value:\"2009-3283\");\n\n script_name(english:\"Fedora 9 : moodle-1.9.4-6.fc9 (2009-3283)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before\n1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted\nattackers to read arbitrary files via an input command in a '$$'\nsequence, which causes LaTeX to include the contents of the file.\nUpstream bug and CVS commit:\nhttp://tracker.moodle.org/browse/MDL-18552\nhttp://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18\n.4.5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0321ab9a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://git.catalyst.net.nz/gw?p=\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=cc9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tracker.moodle.org/browse/MDL-18552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.securityfocus.com/archive/1/archive/1/502231/100/0/threaded\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.securityfocus.com/bid/34278\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022025.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6913af45\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"moodle-1.9.4-6.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "title": "Fedora 9 : moodle-1.9.4-6.fc9 (2009-3283)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:38"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "b5996d021ab1a3f5c2d7ce88372bc440"}, {"key": "cvelist", "hash": "284eed3b1f61c6014a6323bdffd1a197"}, {"key": "cvss", "hash": "3c236091754d2db00c1c42f811b3ada4"}, {"key": "description", "hash": "1de2ce6ca71fb934a81b7571ff584a21"}, {"key": "href", "hash": "99d86f0e4ad5785122cf9d8a566bf733"}, {"key": "modified", "hash": "30f8a3cd16450f4fae9f6381156dd10d"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "1eb09b1b87507b37457999d05d657ae6"}, {"key": "published", "hash": "668f84a5b287855c16f3f35d3c8107fa"}, {"key": "references", "hash": "04deda74ca93a324cee3b318a1db28e9"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "306bdcf6373f0b99c6375cecc8a5f0e3"}, {"key": "title", "hash": "5339523ee1764037b9b5da5c40661fd9"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "57497d99cd7d22779cfd226eec78f0d9c134aa98998d1209af03b04578451fc6", "viewCount": 0, "enchantments": {"vulnersScore": 2.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-3283.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36077);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/05/20 13:54:17 $\");\n\n script_cve_id(\"CVE-2009-1171\");\n script_bugtraq_id(34278);\n script_xref(name:\"EDB-ID\", value:\"8297\");\n script_xref(name:\"FEDORA\", value:\"2009-3283\");\n\n script_name(english:\"Fedora 9 : moodle-1.9.4-6.fc9 (2009-3283)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before\n1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted\nattackers to read arbitrary files via an input command in a '$$'\nsequence, which causes LaTeX to include the contents of the file.\nUpstream bug and CVS commit:\nhttp://tracker.moodle.org/browse/MDL-18552\nhttp://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18\n.4.5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0321ab9a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://git.catalyst.net.nz/gw?p=\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=cc9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tracker.moodle.org/browse/MDL-18552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.securityfocus.com/archive/1/archive/1/502231/100/0/threaded\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.securityfocus.com/bid/34278\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022025.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6913af45\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"moodle-1.9.4-6.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "36077", "cpe": ["p-cpe:/a:fedoraproject:fedora:moodle", "cpe:/o:fedoraproject:fedora:9"]}

{"result": {"cve": [{"id": "CVE-2009-1171", "type": "cve", "title": "CVE-2009-1171", "description": "The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a \"$$\" sequence, which causes LaTeX to include the contents of the file.", "published": "2009-03-30T18:30:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1171", "cvelist": ["CVE-2009-1171"], "lastseen": "2017-09-29T14:26:33"}], "openvas": [{"id": "OPENVAS:136141256231063734", "type": "openvas", "title": "Debian Security Advisory DSA 1761-1 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory DSA 1761-1.", "published": "2009-04-06T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063734", "cvelist": ["CVE-2009-1171"], "lastseen": "2018-04-06T11:40:01"}, {"id": "OPENVAS:64321", "type": "openvas", "title": "Ubuntu USN-791-2 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory USN-791-2.", "published": "2009-06-30T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64321", "cvelist": ["CVE-2009-1171"], "lastseen": "2018-02-02T13:15:45"}, {"id": "OPENVAS:63734", "type": "openvas", "title": "Debian Security Advisory DSA 1761-1 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory DSA 1761-1.", "published": "2009-04-06T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=63734", "cvelist": ["CVE-2009-1171"], "lastseen": "2017-07-24T12:57:01"}, {"id": "OPENVAS:66500", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-13040 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-13040.", "published": "2009-12-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=66500", "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "lastseen": "2017-07-25T10:56:00"}, {"id": "OPENVAS:136141256231063726", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-3280 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-3280.", "published": "2009-04-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063726", "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "lastseen": "2018-04-06T11:39:13"}, {"id": "OPENVAS:63727", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-3283 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-3283.", "published": "2009-04-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=63727", "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "lastseen": "2017-07-25T10:56:48"}, {"id": "OPENVAS:136141256231063727", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-3283 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-3283.", "published": "2009-04-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063727", "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "lastseen": "2018-04-06T11:39:25"}, {"id": "OPENVAS:63726", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-3280 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-3280.", "published": "2009-04-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=63726", "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "lastseen": "2017-07-25T10:56:44"}, {"id": "OPENVAS:136141256231066500", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-13040 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-13040.", "published": "2009-12-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066500", "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "lastseen": "2018-04-06T11:37:14"}, {"id": "OPENVAS:64320", "type": "openvas", "title": "Ubuntu USN-791-1 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory USN-791-1.\n\nFor details, please visit the referenced security advisories.", "published": "2009-06-30T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64320", "cvelist": ["CVE-2009-0501", "CVE-2008-4811", "CVE-2008-5432", "CVE-2008-5619", "CVE-2009-0502", "CVE-2008-4810", "CVE-2008-4796", "CVE-2008-6124", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-1171", "CVE-2009-1669", "CVE-2007-3215"], "lastseen": "2017-12-04T11:28:25"}], "ubuntu": [{"id": "USN-791-2", "type": "ubuntu", "title": "Moodle vulnerability", "description": "Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)", "published": "2009-06-24T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://usn.ubuntu.com/791-2/", "cvelist": ["CVE-2009-1171"], "lastseen": "2018-03-29T18:20:09"}, {"id": "USN-791-1", "type": "ubuntu", "title": "Moodle vulnerabilities", "description": "Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. (CVE-2007-3215)\n\nNigel McNie discovered that fetching https URLs did not correctly escape shell meta-characters. An authenticated remote attacker could execute arbitrary commands as the web server user, if curl was installed and configured. (CVE-2008-4796, MSA-09-0003)\n\nIt was discovered that Smarty (also included in Moodle), did not correctly filter certain inputs. An authenticated remote attacker could exploit this to execute arbitrary PHP commands as the web server user. (CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)\n\nIt was discovered that the unused SpellChecker extension in Moodle did not correctly handle temporary files. If the tool had been locally modified, it could be made to overwrite arbitrary local files via symlinks. (CVE-2008-5153)\n\nMike Churchward discovered that Moodle did not correctly filter Wiki page titles in certain areas. An authenticated remote attacker could exploit this to cause cross-site scripting (XSS), which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5432, MSA-08-0022)\n\nIt was discovered that the HTML sanitizer, \u201cLogin as\u201d feature, and logging in Moodle did not correctly handle certain inputs. An authenticated remote attacker could exploit this to generate XSS, which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5619, CVE-2009-0500, CVE-2009-0502, MSA-08-0026, MSA-09-0004, MSA-09-0007)\n\nIt was discovered that the HotPot module in Moodle did not correctly filter SQL inputs. An authenticated remote attacker could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. (CVE-2008-6124, MSA-08-0010)\n\nKevin Madura discovered that the forum actions and messaging settings in Moodle were not protected from cross-site request forgery (CSRF). If an authenticated user were tricked into visiting a malicious website while logged into Moodle, a remote attacker could change the user\u2019s configurations or forum content. (CVE-2009-0499, MSA-09-0008, MSA-08-0023)\n\nDaniel Cabezas discovered that Moodle would leak usernames from the Calendar Export tool. A remote attacker could gather a list of users, leading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)\n\nChristian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)\n\nJohannes Kuhn discovered that Moodle did not correctly validate user permissions when attempting to switch user accounts. An authenticated remote attacker could switch to any other Moodle user, leading to a loss of privacy. (MSA-08-0003)\n\nHanno Boeck discovered that unconfigured Moodle instances contained XSS vulnerabilities. An unauthenticated remote attacker could exploit this to modify or steal confidential data of other users within the same web domain. (MSA-08-0004)\n\nDebbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra Montesinos discovered that when users were deleted from Moodle, their profiles and avatars were still visible. An authenticated remote attacker could exploit this to store information in profiles even after they were removed, leading to spam traffic. (MSA-08-0015, MSA-09-0001, MSA-09-0002)\n\nLars Vogdt discovered that Moodle did not correctly filter certain inputs. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MSA-08-0021)\n\nIt was discovered that Moodle did not correctly filter inputs for group creation, mnet, essay question, HOST param, wiki param, and others. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MDL-9288, MDL-11759, MDL-12079, MDL-12793, MDL-14806)\n\nIt was discovered that Moodle did not correctly filter SQL inputs when performing a restore. An attacker authenticated as a Moodle administrator could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. (MDL-11857)", "published": "2009-06-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/791-1/", "cvelist": ["CVE-2009-0501", "CVE-2008-4811", "CVE-2008-5432", "CVE-2008-5619", "CVE-2009-0502", "CVE-2008-4810", "CVE-2008-4796", "CVE-2008-6124", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-1171", "CVE-2009-1669", "CVE-2007-3215"], "lastseen": "2018-03-29T18:20:52"}], "nessus": [{"id": "SUSE_MOODLE-6198.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : moodle (moodle-6198)", "description": "Special command sequences in TeX files allowed users to read arbitrary files (CVE-2009-1171).", "published": "2009-04-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36204", "cvelist": ["CVE-2009-1171"], "lastseen": "2017-10-29T13:44:47"}, {"id": "FEDORA_2009-3280.NASL", "type": "nessus", "title": "Fedora 10 : moodle-1.9.4-6.fc10 (2009-3280)", "description": "CVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a '$$' sequence, which causes LaTeX to include the contents of the file.\nUpstream bug and CVS commit:\nhttp://tracker.moodle.org/browse/MDL-18552 http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18 .4.5\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-04-23T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36905", "cvelist": ["CVE-2009-1171"], "lastseen": "2017-10-29T13:33:55"}, {"id": "SUSE_11_1_MOODLE-090417.NASL", "type": "nessus", "title": "openSUSE Security Update : moodle (moodle-803)", "description": "Special command sequences in TeX files allowed users to read arbitrary files (CVE-2009-1171).", "published": "2009-07-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40277", "cvelist": ["CVE-2009-1171"], "lastseen": "2017-10-29T13:43:50"}, {"id": "MOODLE_LATEX_INFO_DISCLOSURE.NASL", "type": "nessus", "title": "Moodle LaTeX Information Disclosure", "description": "The TeX filter included with the installed version of Moodle can be exploited to reveal the contents of files on the remote host, subject to the privileges under which the web server operates.", "published": "2009-03-30T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36050", "cvelist": ["CVE-2009-1171"], "lastseen": "2017-10-29T13:33:10"}, {"id": "DEBIAN_DSA-1761.NASL", "type": "nessus", "title": "Debian DSA-1761-1 : moodle - missing input sanitization", "description": "Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn't check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files.\n\nNote that this doesn't affect installations that only use the mimetex environment.", "published": "2009-04-06T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36084", "cvelist": ["CVE-2009-1171"], "lastseen": "2017-10-29T13:42:16"}, {"id": "UBUNTU_USN-791-2.NASL", "type": "nessus", "title": "Ubuntu 9.04 : moodle vulnerability (USN-791-2)", "description": "Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-06-25T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=39517", "cvelist": ["CVE-2009-1171"], "lastseen": "2017-10-29T13:38:55"}, {"id": "SUSE_11_0_MOODLE-090417.NASL", "type": "nessus", "title": "openSUSE Security Update : moodle (moodle-803)", "description": "Special command sequences in TeX files allowed users to read arbitrary files (CVE-2009-1171).", "published": "2009-07-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40070", "cvelist": ["CVE-2009-1171"], "lastseen": "2017-10-29T13:35:48"}, {"id": "UBUNTU_USN-791-1.NASL", "type": "nessus", "title": "Ubuntu 8.04 LTS / 8.10 : moodle vulnerabilities (USN-791-1)", "description": "Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. (CVE-2007-3215)\n\nNigel McNie discovered that fetching https URLs did not correctly escape shell meta-characters. An authenticated remote attacker could execute arbitrary commands as the web server user, if curl was installed and configured. (CVE-2008-4796, MSA-09-0003)\n\nIt was discovered that Smarty (also included in Moodle), did not correctly filter certain inputs. An authenticated remote attacker could exploit this to execute arbitrary PHP commands as the web server user. (CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)\n\nIt was discovered that the unused SpellChecker extension in Moodle did not correctly handle temporary files. If the tool had been locally modified, it could be made to overwrite arbitrary local files via symlinks. (CVE-2008-5153)\n\nMike Churchward discovered that Moodle did not correctly filter Wiki page titles in certain areas. An authenticated remote attacker could exploit this to cause cross-site scripting (XSS), which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5432, MSA-08-0022)\n\nIt was discovered that the HTML sanitizer, 'Login as' feature, and logging in Moodle did not correctly handle certain inputs. An authenticated remote attacker could exploit this to generate XSS, which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5619, CVE-2009-0500, CVE-2009-0502, MSA-08-0026, MSA-09-0004, MSA-09-0007)\n\nIt was discovered that the HotPot module in Moodle did not correctly filter SQL inputs. An authenticated remote attacker could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. (CVE-2008-6124, MSA-08-0010)\n\nKevin Madura discovered that the forum actions and messaging settings in Moodle were not protected from cross-site request forgery (CSRF).\nIf an authenticated user were tricked into visiting a malicious website while logged into Moodle, a remote attacker could change the user's configurations or forum content. (CVE-2009-0499, MSA-09-0008, MSA-08-0023)\n\nDaniel Cabezas discovered that Moodle would leak usernames from the Calendar Export tool. A remote attacker could gather a list of users, leading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)\n\nChristian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)\n\nJohannes Kuhn discovered that Moodle did not correctly validate user permissions when attempting to switch user accounts. An authenticated remote attacker could switch to any other Moodle user, leading to a loss of privacy. (MSA-08-0003)\n\nHanno Boeck discovered that unconfigured Moodle instances contained XSS vulnerabilities. An unauthenticated remote attacker could exploit this to modify or steal confidential data of other users within the same web domain. (MSA-08-0004)\n\nDebbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra Montesinos discovered that when users were deleted from Moodle, their profiles and avatars were still visible. An authenticated remote attacker could exploit this to store information in profiles even after they were removed, leading to spam traffic. (MSA-08-0015, MSA-09-0001, MSA-09-0002)\n\nLars Vogdt discovered that Moodle did not correctly filter certain inputs. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MSA-08-0021)\n\nIt was discovered that Moodle did not correctly filter inputs for group creation, mnet, essay question, HOST param, wiki param, and others. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MDL-9288, MDL-11759, MDL-12079, MDL-12793, MDL-14806)\n\nIt was discovered that Moodle did not correctly filter SQL inputs when performing a restore. An attacker authenticated as a Moodle administrator could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service.\n(MDL-11857).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-06-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=39516", "cvelist": ["CVE-2009-0501", "CVE-2008-4811", "CVE-2008-5432", "CVE-2008-5619", "CVE-2009-0502", "CVE-2008-4810", "CVE-2008-4796", "CVE-2008-6124", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-1171", "CVE-2009-1669", "CVE-2007-3215"], "lastseen": "2017-10-29T13:41:49"}], "exploitdb": [{"id": "EDB-ID:8297", "type": "exploitdb", "title": "Moodle < 1.6.9/1.7.7/1.8.9/1.9.5 File Disclosure Vulnerability", "description": "Moodle < 1.6.9/1.7.7/1.8.9/1.9.5 File Disclosure Vulnerability. CVE-2009-1171. Webapps exploit for php platform", "published": "2009-03-27T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/8297/", "cvelist": ["CVE-2009-1171"], "lastseen": "2016-02-01T05:11:33"}], "debian": [{"id": "DSA-1761", "type": "debian", "title": "moodle -- missing input sanitization", "description": "Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn't check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files.\n\nNote that this doesn't affect installations that only use the mimetex environment.\n\nFor the oldstable distribution (etch), this problem has been fixed in version 1.6.3-2+etch3.\n\nFor the stable distribution (lenny), this problem has been fixed in version 1.8.2.dfsg-3+lenny2.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in version 1.8.2.dfsg-5.\n\nWe recommend that you upgrade your moodle packages.", "published": "2009-04-03T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://www.debian.org/security/dsa-1761", "cvelist": ["CVE-2009-1171"], "lastseen": "2016-09-02T18:19:42"}]}}