Date: Sun, 13 Nov 2011 18:19:21 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: jmm@...ian.org
Subject: Re: Fwd: DSA 2338-1 moodle security update

Ok so for the sake of completeness the following are all Moodle Security Advisories from 2011 so far. One has a CVE assigned (rather, moodle repackages phpMyAdmin which has a CVE assigned), several are security hardening fixes (so no CVE) and several require admin access (so they don't cross a security boundary, so no CVE). Notes are included.

I also found CVE-2011-3757; I'm unable to confirm this issue (I just get a 500 internal server error) but http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=2c28fa7643b168006883a81a2421012d357a22d6 would indicate it's been fixed.

P.S. could someone from moodle maybe request CVEs when they assign a security advisory (just forwarding a copy of the MSA to the OSS list would do the trick), barring that if a community member could take it upon themselves that would be nice (then CVEs can be assigned promptly).

=====================

MSA-11-0001: ALREADY ASSIGNED CVE-2011-0987 Customised phpMyAdmin upgraded to 22.214.171.124 and 126.96.36.199
MSA-11-0002: CVE-2011-4133 Cross-site request forgery vulnerability in RSS block
MSA-11-0003: CVE-2011-4278 Cross-site scripting vulnerability in tag autocomplete
MSA-11-0004: CVE-2011-4279 $CFG->forceloginforprofiles setting ignored in course profiles
MSA-11-0005: CVE-2011-4280 Cross-site scripting vulnerability in spikephpcoverage
MSA-11-0006: CVE-2011-4281 Cross-site request forgery and missing access control in course completion
MSA-11-0007: CVE-2011-4282 Cross-site scripting vulnerability in course tags
MSA-11-0008: CVE-2011-4283 IMS enterprise enrolment file may disclose sensitive information
MSA-11-0009: CVE-2011-4284 My profile block may disclose private information if used in user context
MSA-11-0010: CVE-2011-4285 Incorrect default for mod:course/delete capability in teacher role
MSA-11-0011: CVE-2011-4286 Multiple cross-site scripting problems in media filter
MSA-11-0012: CVE-2011-4287 Authentication issue
MSA-11-0013: CVE-2011-4288 Group/Quiz permissions issue
MSA-11-0014: CVE-2011-4289 Personal details displayed without permission
MSA-11-0015: CVE-2011-4290 Cross Site Scripting through URL encoding
MSA-11-0016: CVE-2011-4291 Ability to fill a database with invalid records through ratings
MSA-11-0017: CVE-2011-4292 Ability to generate invalid records in the comments table in the database
MSA-11-0018: NO CVE Lacking capability controls over cohorts (hardening)
MSA-11-0019: CVE-2011-4293 Themes writing to files outside Moodle data directory
MSA-11-0020: CVE-2011-4294 Continue links in error messages can lead offsite
MSA-11-0021: CVE-2011-4295 Role assignment web service function not following restrictions
MSA-11-0022: CVE-2011-4296 Course creators could change filters at course level
MSA-11-0023: CVE-2011-4297 Guests can add comments to front page activities
MSA-11-0024: NO CVE Recaptcha images were being authenticated from an older server (hardening)
MSA-11-0025: NO CVE Group names in user upload CSV not being escaped (need to be admin)
MSA-11-0026: NO CVE Fields in user upload CSV not being escaped (need to be admin)
MSA-11-0027: CVE-2011-4298 Wiki pages reference forgery issue
MSA-11-0028: CVE-2011-4299 Wiki comments cross site scripting issue
MSA-11-0029: CVE-2011-4300 File visibility issue
MSA-11-0030: NO CVE Box.net repository integration authentication issue (hardening)
MSA-11-0031: CVE-2011-4301 Forms API constant issue
MSA-11-0032: CVE-2011-4302 MNET SSL validation issue
MSA-11-0033: CVE-2011-4303 Site-hub registration identity issue
MSA-11-0034: CVE-2011-4304 Chat module information leak
MSA-11-0035: NO CVE Cookie-less session vulnerability (hardening)
MSA-11-0036: CVE-2011-4305 Messaging refresh vulnerability
MSA-11-0037: CVE-2011-4306 Course section editing injection vulnerability
MSA-11-0038: NO CVE Database injection protection strengthened (hardening)
MSA-11-0039: CVE-2011-4307 Wiki section vulnerability
MSA-11-0040: CVE-2011-4308 Potential personal information leak
MSA-11-0041: CVE-2011-4309 Global search authentication issue

--
Kurt Seifried / Red Hat Security Response Team