Security announcements

MSA-08-0006: Moodle cookie path can not be restricted

Petr Skoda發表於
Topic:Moodle cookie path can not be restricted
Severity:Low
Versions affected: <1.8.4
Reported by:Kevin
Issue no.:MDL-11927
Solution: Upgrade to 1.8.4 or latest stable snapshot. Or use patch:
http://cvs.moodle.org/moodle/lib/setup.php?r1=1.198.2.4&r2=1.198.2.5
http://cvs.moodle.org/moodle/lib/moodlelib.php?r1=1.837.2.76&r2=1.837.2.77

Description:

Starting with 1.8.4 version it is possible to limit the scope of Moodle session cookies through sessioncookiepath setting. Please note that using the same server name (ex: www.example.com) for Moodle installation and untrusted content (ex: www.example.com/~somestudent") not recommended.

討論這一議題  (至今有 0 篇回應)

MSA-08-0005: Bypassing restriction on multiple file uploads

Petr Skoda發表於
Topic:Bypassing restriction on multiple file uploads
Severity:Low
Versions affected: <1.7.x
<1.8.4
Reported by:Elites0ft Administrator
Issue no.:MDL-11783
Solution: Upgrade to 1.8.4 or latest stable snapshot.
In case of 1.7.x apply patch from http://cvs.moodle.org/moodle/mod/assignment/type/upload/assignment.class.php?r1=1.32.2.2&r2=1.32.2.3
討論這一議題  (至今有 0 篇回應)

MSA-08-0004: XSS in install.php before installation

Petr Skoda發表於
Topic:XSS in install.php before config.php created - no action required on working installations
Severity:Very low
Versions affected: 1.5.x
<1.6.6
<1.7.4
<1.8.4
Reported by:Hanno Boeck (schokokeks)
Issue no.:MDL-12869
Solution: It is recommended to finish installation after uploading of Moodle files. Always use latest stable version for initial installation.
討論這一議題  (至今有 0 篇回應)

MSA-08-0003: Insufficient access control in Login as feature

Petr Skoda發表於
Topic:Insufficient access control in Login as feature
Severity:Critical
Versions affected:1.8-1.8.3
Reported by:Johannes Kuhn
Issue no.: MDL-12911
Solution: upgrade to 1.8.4
Patch: MOODLE_18_STABLE http://cvs.moodle.org/moodle/course/loginas.php?r1=1.44.2.1&r2=1.44.2.2

Description:

Critical security problem was discovered in course/loginas.php script. Please make a full update or at least replace this file with latest version from 1.8.4.

討論這一議題  (至今有 0 篇回應)

MSA-08-0001: Access elevation in user edit form

Petr Skoda發表於
Topic:Access elevation in user edit form
Severity:Critical
Versions affected:1.5.x
<1.6.6
<1.7.3
Reported by:Gustav Delius
Issue no.:MDL-11663
Solution:upgrade to 1.6.6, 1.7.3 or any other latest stable release
Patches: MOODLE_16_STABLE http://cvs.moodle.org/moodle/user/edit.php?r1=1.112.2.4&r2=1.112.2.4.2.1
MOODLE_17_STABLE http://cvs.moodle.org/moodle/user/edit.php?r1=1.126.2.5&r2=1.126.2.6

Description:

Gustav Delius discovered and reported critical security problem in user editing interface which allows any registered user to significantly elevate his/her own permissions.

討論這一議題  (至今有 0 篇回應)

MSA-08-0002: register_globals=on not supported

Petr Skoda發表於
Topic:register_globals=on not supported
Severity:Critical
Versions affected:all past and future versions
Reported by:moodle.com
Issue no.: MDL-12914
Solution: set register_globals=off

Description:

Recently we have discovered several security problems in Moodle code exploitable when register_globals are enabled. This setting is considered to be highly problematic and is the most common source of security problems in PHP applications and PHP itself.

Due to the frequency of reported bugs in Moodle core and extensions caused by this obsoleted setting we have decided to stop supporting servers with register_globals=on completely. Please note that PHP developers do not considered this feature suitable for production servers and it will be completely removed in PHP6.

Latest Moodle versions print a warning on administration notification page if enabled register_globals detected. Please make sure all your servers are properly configured.

討論這一議題  (至今有 1 篇回應)