Bug 454318 - <www-apps/moodle-{2.2.7,2.3.4,2.4.1}: Multiple vulnerabilities (CVE-2012-{6098,6099,6100,6101,6102,6103,6104,6105,6106,6112})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://moodle.org/security/
Whiteboard: ~2 [noglsa]
Reported: 2013-01-27 15:20 UTC by Sean Amoss (RETIRED)
Modified: 2013-01-31 13:23 UTC
Description Sean Amoss (RETIRED) gentoo-dev Security 2013-01-27 15:20:55 UTC
Multiple vulnerabilities have been discovered in Moodle. From the upstream list at $URL:

MSA-13-0001	CVE-2012-6112	Security issue in Google Spellchecker in TinyMCE
MSA-13-0002	CVE-2012-6098	Capability issue with Outcome editing
MSA-13-0003	CVE-2012-6099	Potential server file access through backup restoration
MSA-13-0004	CVE-2012-6100	Information leak through activity report
MSA-13-0005	CVE-2012-6101	Potential phishing attack through URL redirects
MSA-13-0006	CVE-2012-6102	Potential information leak in Assignment module
MSA-13-0007	CVE-2012-6103	Potential exploit in messaging
MSA-13-0008	CVE-2012-6104	Information leak through Blog RSS
MSA-13-0009	CVE-2012-6105	Information leak through Blog RSS
MSA-13-0010	CVE-2012-6106	Failure to check capabilities in calendar
Comment 1 Sean Amoss (RETIRED) gentoo-dev Security 2013-01-27 15:21:31 UTC
Maintainers, please drop vulnerable versions.
Comment 2 Anthony Basile gentoo-dev 2013-01-27 16:12:17 UTC
(In reply to comment #1)
> Maintainers, please drop vulnerable versions.

Done.
Comment 3 Sean Amoss (RETIRED) gentoo-dev Security 2013-01-27 16:16:06 UTC
(In reply to comment #2)
> (In reply to comment #1)
> > Maintainers, please drop vulnerable versions.
> 
> Done.

Thanks, Anthony!

Closing noglsa for ~arch only.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-01-31 13:23:39 UTC
CVE-2012-6112 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6112):
  classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker)
  addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10,
  2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other
  products, does not properly handle control characters, which allows remote
  attackers to trigger arbitrary outbound HTTP requests via a crafted string.

CVE-2012-6106 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6106):
  calendar/managesubscriptions.php in the Manage Subscriptions implementation
  in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote
  authenticated users to remove course-level calendar subscriptions by
  leveraging the student role and sending an iCalendar object.

CVE-2012-6105 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6105):
  blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x
  before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed
  after blogging is disabled, which allows remote attackers to obtain
  sensitive information by reading this feed.

CVE-2012-6104 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6104):
  blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x
  before 2.4.1 allows remote attackers to obtain sensitive information from
  site-level blogs by leveraging the guest role and reading an RSS feed.

CVE-2012-6103 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6103):
  Multiple cross-site request forgery (CSRF) vulnerabilities in
  user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7,
  2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack
  the authentication of arbitrary users for requests that send course
  messages.

CVE-2012-6102 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6102):
  lib.php in the Submission comments plugin in the Assignment module in Moodle
  2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or
  modify the submission comments (aka feedback comments) of arbitrary users
  via a crafted URI.

CVE-2012-6101 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6101):
  Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x
  before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect
  users to arbitrary web sites and conduct phishing attacks via vectors
  related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3)
  course/switchrole.php, (4) mod/wiki/filesedit.php, (5)
  tag/coursetags_add.php, or (6) user/files.php.

CVE-2012-6100 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6100):
  report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4,
  and 2.4.x before 2.4.1 does not properly enforce the
  moodle/user:viewhiddendetails capability requirement, which allows remote
  authenticated users to discover a hidden lastaccess value by reading an
  activity report.

CVE-2012-6099 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6099):
  The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle
  2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x
  before 2.4.1 does not properly validate pathnames, which allows remote
  authenticated users to read arbitrary files by leveraging the
  backup-restoration feature.

CVE-2012-6098 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6098):
  grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x
  before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before
  2.4.1 does not properly enforce the moodle/grade:manage capability
  requirement, which allows remote authenticated users to convert custom
  outcomes into standard site-wide outcomes by leveraging the teacher role and
  using the re-editing feature.
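The backup-restoration issue (CVE-2012-6099 above) comes down to trusting a pathname taken from the archive being restored. The following is an added example, not Moodle's code, written in Python rather than PHP for illustration: it confines an archive-supplied file reference to the extraction directory and rejects the usual escapes (`..`, absolute paths, symlinks pointing outside, and prefix collisions such as `backup_evil` next to `backup`) on a constructed directory layout.

```python
import os
import tempfile
from typing import Dict, Optional


def resolve_backup_file(extract_dir: str, ref: str) -> Optional[str]:
    """Return the real path of ``ref`` only if it lies inside ``extract_dir``.
    ``ref`` is a pathname read from an untrusted backup archive; both sides
    are resolved with realpath so symlinks and ``..`` components are folded."""
    if not ref or "\0" in ref or os.path.isabs(ref):
        return None
    base = os.path.realpath(extract_dir)
    full = os.path.realpath(os.path.join(base, ref))
    # commonpath is prefix-safe: a plain startswith() would wrongly accept
    # "<base>_evil/x.xml" as being under "<base>".
    if full == base or os.path.commonpath([base, full]) != base:
        return None
    return full


def demo() -> Dict[str, bool]:
    """Constructed layout (not a real backup): an extraction dir with one
    legitimate file, a symlink escaping it, a colliding-prefix sibling dir,
    and a placeholder site config file outside it."""
    root = tempfile.mkdtemp()
    extract = os.path.join(root, "backup")
    os.mkdir(extract)
    os.mkdir(extract + "_evil")
    secret = os.path.join(root, "config.php")  # placeholder target file
    for path, text in (
        (os.path.join(extract, "course.xml"), "<course/>"),
        (os.path.join(extract + "_evil", "x.xml"), ""),
        (secret, "<?php // constructed placeholder\n"),
    ):
        with open(path, "w") as f:
            f.write(text)
    os.symlink(secret, os.path.join(extract, "link.xml"))
    refs = {
        "legit": "course.xml",
        "dotdot": "../config.php",
        "absolute": secret,
        "symlink_escape": "link.xml",
        "prefix_collision": "../backup_evil/x.xml",
    }
    # True means the reference was accepted as lying inside the extraction dir.
    return {name: resolve_backup_file(extract, ref) is not None
            for name, ref in refs.items()}
```

Only the legitimate reference is accepted; every other case in `demo()` is rejected before any file is opened.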