Fedora 11 : moodle-1.9.9-1.fc11 (2010-10321)

2010-07-0100:00:00

www.tenable.com

Moodle upstream has released v1.9.9 and v1.8.13:
http://docs.moodle.org/en/Moodle_1.9.9_release_notes http://docs.moodle.org/en/Moodle_1.8.13_release_notes Which address the following issues: * MSA-10-0010 Persistent Cross Site Scripting vulnerability in the MNET access control interface * MSA-10-0011 Cross Site Scripting vulnerability in blog/index.php * MSA-10-0012 KSES Security Filter Bypassing vulnerability * MSA-10-0013 Potential Cross Site Scripting vulnerability in Quiz reports

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2010-10321.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(47221);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2010-2228", "CVE-2010-2229", "CVE-2010-2230", "CVE-2010-2231");
  script_xref(name:"FEDORA", value:"2010-10321");

  script_name(english:"Fedora 11 : moodle-1.9.9-1.fc11 (2010-10321)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Moodle upstream has released v1.9.9 and v1.8.13:
http://docs.moodle.org/en/Moodle_1.9.9_release_notes
http://docs.moodle.org/en/Moodle_1.8.13_release_notes Which address
the following issues: * MSA-10-0010 Persistent Cross Site Scripting
vulnerability in the MNET access control interface * MSA-10-0011 Cross
Site Scripting vulnerability in blog/index.php * MSA-10-0012 KSES
Security Filter Bypassing vulnerability * MSA-10-0013 Potential Cross
Site Scripting vulnerability in Quiz reports

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://docs.moodle.org/en/Moodle_1.8.13_release_notes
  script_set_attribute(
    attribute:"see_also",
    value:"https://docs.moodle.org/en/Moodle_1.8.13_release_notes"
  );
  # http://docs.moodle.org/en/Moodle_1.9.9_release_notes
  script_set_attribute(
    attribute:"see_also",
    value:"https://docs.moodle.org/en/Moodle_1.9.9_release_notes"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=605809"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?56fc72b3"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected moodle package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:moodle");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/06/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC11", reference:"moodle-1.9.9-1.fc11")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moodle");
}

VendorProductVersionCPE
fedoraprojectfedoramoodlep-cpe:/a:fedoraproject:fedora:moodle
fedoraprojectfedora11cpe:/o:fedoraproject:fedora:11

Vendor	Product	Version	CPE
fedoraproject	fedora	moodle	p-cpe:/a:fedoraproject:fedora:moodle
fedoraproject	fedora	11	cpe:/o:fedoraproject:fedora:11

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2228

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2229

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2230

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2231

www.nessus.org/u?56fc72b3

bugzilla.redhat.com/show_bug.cgi?id=605809

docs.moodle.org/en/Moodle_1.8.13_release_notes

docs.moodle.org/en/Moodle_1.9.9_release_notes

JSON

Related for FEDORA_2010-10321.NASL