ID SUSE_MOODLE-6108.NASL Type nessus Reporter Tenable Modified 2016-12-22T00:00:00
Description
moodle was prone to several cross-site-scripting (XSS) and cross-site-request-forgery (CSRF) problems (CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502).
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update moodle-6108.
#
# The text description of this plugin is (C) SUSE LLC.
#
include("compat.inc");
if (description)
{
script_id(36008);
script_version ("$Revision: 1.8 $");
script_cvs_date("$Date: 2016/12/22 20:42:27 $");
script_cve_id("CVE-2009-0499", "CVE-2009-0500", "CVE-2009-0501", "CVE-2009-0502");
script_name(english:"openSUSE 10 Security Update : moodle (moodle-6108)");
script_summary(english:"Check for the moodle-6108 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"moodle was prone to several cross-site-scripting (XSS) and
cross-site-request-forgery (CSRF) problems (CVE-2009-0499,
CVE-2009-0500, CVE-2009-0501, CVE-2009-0502)."
);
script_set_attribute(
attribute:"solution",
value:"Update the affected moodle packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
script_cwe_id(79, 352);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-af");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-be");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-bg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-bs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ca");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-cs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-da");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-de");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-de_du");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-es");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-et");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-eu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-fa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-fi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-fr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ga");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-gl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-he");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-hi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-hr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-hu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-id");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-is");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-it");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ja");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ka");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-km");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-kn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ko");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-lt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-lv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-mi_tn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-nl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-nn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-no");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-pl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-pt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ro");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ru");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-so");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sq");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-th");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-tl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-tr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-uk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-vi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-zh_cn");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
script_set_attribute(attribute:"patch_publication_date", value:"2009/03/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/24");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-af-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-ar-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-be-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-bg-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-bs-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-ca-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-cs-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-da-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-de-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-de_du-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-el-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-es-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-et-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-eu-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-fa-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-fi-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-fr-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-ga-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-gl-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-he-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-hi-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-hr-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-hu-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-id-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-is-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-it-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-ja-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-ka-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-km-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-kn-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-ko-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-lt-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-lv-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-mi_tn-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-ms-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-nl-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-nn-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-no-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-pl-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-pt-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-ro-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-ru-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-sk-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-sl-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-so-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-sq-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-sr-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-sv-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-th-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-tl-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-tr-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-uk-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-vi-1.8.2-17.12") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"moodle-zh_cn-1.8.2-17.12") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moodle / moodle-af / moodle-ar / moodle-be / moodle-bg / moodle-bs / etc");
}
{"result": {"cve": [{"id": "CVE-2009-0501", "type": "cve", "title": "CVE-2009-0501", "description": "Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct \"brute force attacks on user accounts\" via unknown vectors.", "published": "2009-02-09T21:30:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0501", "cvelist": ["CVE-2009-0501"], "lastseen": "2016-09-03T12:04:39"}, {"id": "CVE-2009-0502", "type": "cve", "title": "CVE-2009-0502", "description": "Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the \"Login as\" feature is used to visit a MyMoodle or Blog page.", "published": "2009-02-09T21:30:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0502", "cvelist": ["CVE-2009-0502"], "lastseen": "2016-09-03T12:04:39"}, {"id": "CVE-2009-0499", "type": "cve", "title": "CVE-2009-0499", "description": "Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php.", "published": "2009-02-09T21:30:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0499", "cvelist": ["CVE-2009-0499"], "lastseen": "2016-09-03T12:04:36"}, {"id": "CVE-2009-0500", "type": "cve", "title": "CVE-2009-0500", "description": "Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.", "published": "2009-02-09T21:30:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0500", "cvelist": ["CVE-2009-0500"], "lastseen": "2016-09-03T12:04:37"}], "nessus": [{"id": "SUSE_11_0_MOODLE-090320.NASL", "type": "nessus", "title": "openSUSE Security Update : moodle (moodle-672)", "description": "moodle was prone to several cross-site-scripting (XSS) and cross-site-request-forgery (CSRF) problems (CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502).", "published": "2009-07-21T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40069", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "lastseen": "2017-10-29T13:38:17"}, {"id": "FEDORA_2009-1641.NASL", "type": "nessus", "title": "Fedora 9 : moodle-1.9.4-1.fc9 (2009-1641)", "description": "Multiple security fixes.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-02-13T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=35671", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "lastseen": "2017-10-29T13:40:42"}, {"id": "SUSE_11_1_MOODLE-090319.NASL", "type": "nessus", "title": "openSUSE Security Update : moodle (moodle-672)", "description": "moodle was prone to several cross-site-scripting (XSS) and cross-site-request-forgery (CSRF) problems (CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502).", "published": "2009-07-21T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40276", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "lastseen": "2017-10-29T13:42:36"}, {"id": "FEDORA_2009-1699.NASL", "type": "nessus", "title": "Fedora 10 : moodle-1.9.4-1.fc10 (2009-1699)", "description": "Multiple security fixes.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-04-23T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=37466", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "lastseen": "2017-10-29T13:45:53"}, {"id": "UBUNTU_USN-791-1.NASL", "type": "nessus", "title": "Ubuntu 8.04 LTS / 8.10 : moodle vulnerabilities (USN-791-1)", "description": "Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. (CVE-2007-3215)\n\nNigel McNie discovered that fetching https URLs did not correctly escape shell meta-characters. An authenticated remote attacker could execute arbitrary commands as the web server user, if curl was installed and configured. (CVE-2008-4796, MSA-09-0003)\n\nIt was discovered that Smarty (also included in Moodle), did not correctly filter certain inputs. An authenticated remote attacker could exploit this to execute arbitrary PHP commands as the web server user. (CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)\n\nIt was discovered that the unused SpellChecker extension in Moodle did not correctly handle temporary files. If the tool had been locally modified, it could be made to overwrite arbitrary local files via symlinks. (CVE-2008-5153)\n\nMike Churchward discovered that Moodle did not correctly filter Wiki page titles in certain areas. An authenticated remote attacker could exploit this to cause cross-site scripting (XSS), which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5432, MSA-08-0022)\n\nIt was discovered that the HTML sanitizer, 'Login as' feature, and logging in Moodle did not correctly handle certain inputs. An authenticated remote attacker could exploit this to generate XSS, which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5619, CVE-2009-0500, CVE-2009-0502, MSA-08-0026, MSA-09-0004, MSA-09-0007)\n\nIt was discovered that the HotPot module in Moodle did not correctly filter SQL inputs. An authenticated remote attacker could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. (CVE-2008-6124, MSA-08-0010)\n\nKevin Madura discovered that the forum actions and messaging settings in Moodle were not protected from cross-site request forgery (CSRF).\nIf an authenticated user were tricked into visiting a malicious website while logged into Moodle, a remote attacker could change the user's configurations or forum content. (CVE-2009-0499, MSA-09-0008, MSA-08-0023)\n\nDaniel Cabezas discovered that Moodle would leak usernames from the Calendar Export tool. A remote attacker could gather a list of users, leading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)\n\nChristian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)\n\nJohannes Kuhn discovered that Moodle did not correctly validate user permissions when attempting to switch user accounts. An authenticated remote attacker could switch to any other Moodle user, leading to a loss of privacy. (MSA-08-0003)\n\nHanno Boeck discovered that unconfigured Moodle instances contained XSS vulnerabilities. An unauthenticated remote attacker could exploit this to modify or steal confidential data of other users within the same web domain. (MSA-08-0004)\n\nDebbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra Montesinos discovered that when users were deleted from Moodle, their profiles and avatars were still visible. An authenticated remote attacker could exploit this to store information in profiles even after they were removed, leading to spam traffic. (MSA-08-0015, MSA-09-0001, MSA-09-0002)\n\nLars Vogdt discovered that Moodle did not correctly filter certain inputs. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MSA-08-0021)\n\nIt was discovered that Moodle did not correctly filter inputs for group creation, mnet, essay question, HOST param, wiki param, and others. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MDL-9288, MDL-11759, MDL-12079, MDL-12793, MDL-14806)\n\nIt was discovered that Moodle did not correctly filter SQL inputs when performing a restore. An attacker authenticated as a Moodle administrator could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service.\n(MDL-11857).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-06-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=39516", "cvelist": ["CVE-2009-0501", "CVE-2008-4811", "CVE-2008-5432", "CVE-2008-5619", "CVE-2009-0502", "CVE-2008-4810", "CVE-2008-4796", "CVE-2008-6124", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-1171", "CVE-2009-1669", "CVE-2007-3215"], "lastseen": "2017-10-29T13:41:49"}, {"id": "DEBIAN_DSA-1724.NASL", "type": "nessus", "title": "Debian DSA-1724-1 : moodle - several vulnerabilities", "description": "Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-0500 It was discovered that the information stored in the log tables was not properly sanitized, which could allow attackers to inject arbitrary web code.\n\n - CVE-2009-0502 It was discovered that certain input via the 'Login as' function was not properly sanitised leading to the injection of arbitrary web script.\n\n - CVE-2008-5153 Dmitry E. Oboukhov discovered that the SpellCheker plugin creates temporary files insecurely, allowing a denial of service attack. Since the plugin was unused, it is removed in this update.", "published": "2009-02-17T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=35691", "cvelist": ["CVE-2009-0502", "CVE-2008-5153", "CVE-2009-0500"], "lastseen": "2017-10-29T13:34:39"}, {"id": "MOODLE_FORUM_CSRF.NASL", "type": "nessus", "title": "Moodle Forum 'post.php' Unauthorized Post Deletion CSRF", "description": "The 'forum' code in the version of Moodle installed on the remote host is affected by a cross-site request forgery vulnerability due to a failure to properly validate requests before deleting forum posts. If an attacker can trick a Moodle user into clicking on a malicious link, this issue could be leveraged to delete the user's posts.\n\nNote that this install is also likely affected by several other vulnerabilities, including one allowing for arbitrary code execution, although Nessus has not checked for them.", "published": "2009-02-27T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=35749", "cvelist": ["CVE-2009-0499"], "lastseen": "2017-10-29T13:43:42"}], "openvas": [{"id": "OPENVAS:800240", "type": "openvas", "title": "Moodle CMS Multiple Vulnerabilities", "description": "This host is running Moodle CMS and is prone to Multiple\n Vulnerabilities.", "published": "2009-03-03T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=800240", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "lastseen": "2017-07-02T21:14:18"}, {"id": "OPENVAS:1361412562310800240", "type": "openvas", "title": "Moodle CMS Multiple Vulnerabilities", "description": "This host is running Moodle CMS and is prone to Multiple\n Vulnerabilities.", "published": "2009-03-03T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800240", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "lastseen": "2018-04-06T11:40:29"}, {"id": "OPENVAS:63405", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-1699 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1699.", "published": "2009-02-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=63405", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500"], "lastseen": "2017-07-25T10:57:11"}, {"id": "OPENVAS:63390", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-1641 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1641.", "published": "2009-02-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=63390", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500"], "lastseen": "2017-07-25T10:56:31"}, {"id": "OPENVAS:136141256231063390", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-1641 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1641.", "published": "2009-02-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063390", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500"], "lastseen": "2018-04-06T11:38:35"}, {"id": "OPENVAS:136141256231063405", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-1699 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1699.", "published": "2009-02-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063405", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500"], "lastseen": "2018-04-06T11:40:31"}, {"id": "OPENVAS:64320", "type": "openvas", "title": "Ubuntu USN-791-1 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory USN-791-1.\n\nFor details, please visit the referenced security advisories.", "published": "2009-06-30T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64320", "cvelist": ["CVE-2009-0501", "CVE-2008-4811", "CVE-2008-5432", "CVE-2008-5619", "CVE-2009-0502", "CVE-2008-4810", "CVE-2008-4796", "CVE-2008-6124", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-1171", "CVE-2009-1669", "CVE-2007-3215"], "lastseen": "2017-12-04T11:28:25"}, {"id": "OPENVAS:136141256231063687", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:007", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:007. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "published": "2009-03-31T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063687", "cvelist": ["CVE-2009-0501", "CVE-2009-0733", "CVE-2009-0932", "CVE-2009-0915", "CVE-2008-3075", "CVE-2009-0723", "CVE-2008-2364", "CVE-2009-0584", "CVE-2008-3076", "CVE-2009-0502", "CVE-2009-0115", "CVE-2008-4677", "CVE-2009-0583", "CVE-2009-0916", "CVE-2007-6018", "CVE-2008-5917", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-0930", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712", "CVE-2009-0581", "CVE-2009-0914"], "lastseen": "2018-04-06T11:37:49"}, {"id": "OPENVAS:63687", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:007", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:007. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "published": "2009-03-31T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=63687", "cvelist": ["CVE-2009-0501", "CVE-2009-0733", "CVE-2009-0932", "CVE-2009-0915", "CVE-2008-3075", "CVE-2009-0723", "CVE-2008-2364", "CVE-2009-0584", "CVE-2008-3076", "CVE-2009-0502", "CVE-2009-0115", "CVE-2008-4677", "CVE-2009-0583", "CVE-2009-0916", "CVE-2007-6018", "CVE-2008-5917", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-0930", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712", "CVE-2009-0581", "CVE-2009-0914"], "lastseen": "2017-07-26T08:55:23"}, {"id": "OPENVAS:136141256231063410", "type": "openvas", "title": "Debian Security Advisory DSA 1724-1 (moodle)", "description": "The remote host is missing an update to moodle\nannounced via advisory DSA 1724-1.", "published": "2009-02-18T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063410", "cvelist": ["CVE-2009-0502", "CVE-2008-5153", "CVE-2009-0500"], "lastseen": "2018-04-06T11:39:58"}], "ubuntu": [{"id": "USN-791-1", "type": "ubuntu", "title": "Moodle vulnerabilities", "description": "Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. (CVE-2007-3215)\n\nNigel McNie discovered that fetching https URLs did not correctly escape shell meta-characters. An authenticated remote attacker could execute arbitrary commands as the web server user, if curl was installed and configured. (CVE-2008-4796, MSA-09-0003)\n\nIt was discovered that Smarty (also included in Moodle), did not correctly filter certain inputs. An authenticated remote attacker could exploit this to execute arbitrary PHP commands as the web server user. (CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)\n\nIt was discovered that the unused SpellChecker extension in Moodle did not correctly handle temporary files. If the tool had been locally modified, it could be made to overwrite arbitrary local files via symlinks. (CVE-2008-5153)\n\nMike Churchward discovered that Moodle did not correctly filter Wiki page titles in certain areas. An authenticated remote attacker could exploit this to cause cross-site scripting (XSS), which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5432, MSA-08-0022)\n\nIt was discovered that the HTML sanitizer, \u201cLogin as\u201d feature, and logging in Moodle did not correctly handle certain inputs. An authenticated remote attacker could exploit this to generate XSS, which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5619, CVE-2009-0500, CVE-2009-0502, MSA-08-0026, MSA-09-0004, MSA-09-0007)\n\nIt was discovered that the HotPot module in Moodle did not correctly filter SQL inputs. An authenticated remote attacker could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. (CVE-2008-6124, MSA-08-0010)\n\nKevin Madura discovered that the forum actions and messaging settings in Moodle were not protected from cross-site request forgery (CSRF). If an authenticated user were tricked into visiting a malicious website while logged into Moodle, a remote attacker could change the user\u2019s configurations or forum content. (CVE-2009-0499, MSA-09-0008, MSA-08-0023)\n\nDaniel Cabezas discovered that Moodle would leak usernames from the Calendar Export tool. A remote attacker could gather a list of users, leading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)\n\nChristian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)\n\nJohannes Kuhn discovered that Moodle did not correctly validate user permissions when attempting to switch user accounts. An authenticated remote attacker could switch to any other Moodle user, leading to a loss of privacy. (MSA-08-0003)\n\nHanno Boeck discovered that unconfigured Moodle instances contained XSS vulnerabilities. An unauthenticated remote attacker could exploit this to modify or steal confidential data of other users within the same web domain. (MSA-08-0004)\n\nDebbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra Montesinos discovered that when users were deleted from Moodle, their profiles and avatars were still visible. An authenticated remote attacker could exploit this to store information in profiles even after they were removed, leading to spam traffic. (MSA-08-0015, MSA-09-0001, MSA-09-0002)\n\nLars Vogdt discovered that Moodle did not correctly filter certain inputs. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MSA-08-0021)\n\nIt was discovered that Moodle did not correctly filter inputs for group creation, mnet, essay question, HOST param, wiki param, and others. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MDL-9288, MDL-11759, MDL-12079, MDL-12793, MDL-14806)\n\nIt was discovered that Moodle did not correctly filter SQL inputs when performing a restore. An attacker authenticated as a Moodle administrator could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. (MDL-11857)", "published": "2009-06-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/791-1/", "cvelist": ["CVE-2009-0501", "CVE-2008-4811", "CVE-2008-5432", "CVE-2008-5619", "CVE-2009-0502", "CVE-2008-4810", "CVE-2008-4796", "CVE-2008-6124", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-1171", "CVE-2009-1669", "CVE-2007-3215"], "lastseen": "2018-03-29T18:20:52"}], "debian": [{"id": "DSA-1724", "type": "debian", "title": "moodle -- several vulnerabilities", "description": "Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2009-0500](<https://security-tracker.debian.org/tracker/CVE-2009-0500>)\n\nIt was discovered that the information stored in the log tables was not properly sanitized, which could allow attackers to inject arbitrary web code.\n\n * [CVE-2009-0502](<https://security-tracker.debian.org/tracker/CVE-2009-0502>)\n\nIt was discovered that certain input via the \"Login as\" function was not properly sanitised leading to the injection of arbitrary web script.\n\n * [CVE-2008-5153](<https://security-tracker.debian.org/tracker/CVE-2008-5153>)\n\nDmitry E. Oboukhov discovered that the SpellCheker plugin creates temporary files insecurely, allowing a denial of service attack. Since the plugin was unused, it is removed in this update.\n\nFor the stable distribution (etch) these problems have been fixed in version 1.6.3-2+etch2.\n\nFor the testing (lenny) distribution these problems have been fixed in version 1.8.2.dfsg-3+lenny1.\n\nFor the unstable (sid) distribution these problems have been fixed in version 1.8.2.dfsg-4.\n\nWe recommend that you upgrade your moodle package.", "published": "2009-02-13T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1724", "cvelist": ["CVE-2009-0502", "CVE-2008-5153", "CVE-2009-0500"], "lastseen": "2016-09-02T18:35:28"}]}}
