Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2009-1171 | First vendor Publication | 2009-03-30 |
Vendor | Cve | Last vendor Modification | 2020-12-01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1171 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13316 | |||
Oval ID: | oval:org.mitre.oval:def:13316 | ||
Title: | USN-791-2 -- moodle vulnerability | ||
Description: | Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy | ||
Family: | unix | Class: | patch |
Reference(s): | USN-791-2 CVE-2009-1171 | Version: | 5 |
Platform(s): | Ubuntu 9.04 | Product(s): | moodle |
Definition Id: oval:org.mitre.oval:def:13687 | |||
Oval ID: | oval:org.mitre.oval:def:13687 | ||
Title: | USN-791-1 -- moodle vulnerabilities | ||
Description: | Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. Nigel McNie discovered that fetching https URLs did not correctly escape shell meta-characters. An authenticated remote attacker could execute arbitrary commands as the web server user, if curl was installed and configured. It was discovered that Smarty did not correctly filter certain inputs. An authenticated remote attacker could exploit this to execute arbitrary PHP commands as the web server user. It was discovered that the unused SpellChecker extension in Moodle did not correctly handle temporary files. If the tool had been locally modified, it could be made to overwrite arbitrary local files via symlinks. Mike Churchward discovered that Moodle did not correctly filter Wiki page titles in certain areas. An authenticated remote attacker could exploit this to cause cross-site scripting, which could be used to modify or steal confidential data of other users within the same web domain. It was discovered that the HTML sanitizer, "Login as" feature, and logging in Moodle did not correctly handle certain inputs. An authenticated remote attacker could exploit this to generate XSS, which could be used to modify or steal confidential data of other users within the same web domain. It was discovered that the HotPot module in Moodle did not correctly filter SQL inputs. An authenticated remote attacker could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. Kevin Madura discovered that the forum actions and messaging settings in Moodle were not protected from cross-site request forgery. If an authenticated user were tricked into visiting a malicious website while logged into Moodle, a remote attacker could change the user's configurations or forum content. Daniel Cabezas discovered that Moodle would leak usernames from the Calendar Export tool. A remote attacker could gather a list of users, leading to a loss of privacy. Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. Johannes Kuhn discovered that Moodle did not correctly validate user permissions when attempting to switch user accounts. An authenticated remote attacker could switch to any other Moodle user, leading to a loss of privacy. Hanno Boeck discovered that unconfigured Moodle instances contained XSS vulnerabilities. An unauthenticated remote attacker could exploit this to modify or steal confidential data of other users within the same web domain. Debbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra Montesinos discovered that when users were deleted from Moodle, their profiles and avatars were still visible. An authenticated remote attacker could exploit this to store information in profiles even after they were removed, leading to spam traffic. Lars Vogdt discovered that Moodle did not correctly filter certain inputs. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. It was discovered that Moodle did not correctly filter inputs for group creation, mnet, essay question, HOST param, wiki param, and others. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. It was discovered that Moodle did not correctly filter SQL inputs when performing a restore. An attacker authenticated as a Moodle administrator could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-791-1 CVE-2007-3215 CVE-2008-4796 CVE-2008-4810 CVE-2008-4811 CVE-2009-1669 CVE-2008-5153 CVE-2008-5432 CVE-2008-5619 CVE-2009-0500 CVE-2009-0502 CVE-2008-6124 CVE-2009-0499 CVE-2009-0501 CVE-2009-1171 | Version: | 5 |
Platform(s): | Ubuntu 8.10 Ubuntu 8.04 | Product(s): | moodle |
Definition Id: oval:org.mitre.oval:def:13700 | |||
Oval ID: | oval:org.mitre.oval:def:13700 | ||
Title: | DSA-1761-1 moodle -- missing input sanitisation | ||
Description: | Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn’t check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files. Note that this doesn’t affect installations that only use the mimetex environment. For the oldstable distribution, this problem has been fixed in version 1.6.3-2+etch3. For the stable distribution, this problem has been fixed in version 1.8.2.dfsg-3+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.8.2.dfsg-5. We recommend that you upgrade your moodle packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1761-1 CVE-2009-1171 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | moodle |
Definition Id: oval:org.mitre.oval:def:7916 | |||
Oval ID: | oval:org.mitre.oval:def:7916 | ||
Title: | DSA-1761 moodle -- missing input sanitisation | ||
Description: | Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn't check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files. Note that this doesn't affect installations that only use the mimetex environment. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1761 CVE-2009-1171 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | moodle |
OpenVAS Exploits
Date | Description |
---|---|
2009-12-14 | Name : Fedora Core 10 FEDORA-2009-13040 (moodle) File : nvt/fcore_2009_13040.nasl |
2009-06-30 | Name : Ubuntu USN-791-1 (moodle) File : nvt/ubuntu_791_1.nasl |
2009-06-30 | Name : Ubuntu USN-791-2 (moodle) File : nvt/ubuntu_791_2.nasl |
2009-04-28 | Name : SuSE Security Summary SUSE-SR:2009:009 File : nvt/suse_sr_2009_009.nasl |
2009-04-06 | Name : Debian Security Advisory DSA 1761-1 (moodle) File : nvt/deb_1761_1.nasl |
2009-04-06 | Name : Fedora Core 10 FEDORA-2009-3280 (moodle) File : nvt/fcore_2009_3280.nasl |
2009-04-06 | Name : Fedora Core 9 FEDORA-2009-3283 (moodle) File : nvt/fcore_2009_3283.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
52998 | Moodle TeX Notation Filter Arbitrary File Access |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_moodle-090417.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_moodle-090417.nasl - Type : ACT_GATHER_INFO |
2009-06-25 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-791-1.nasl - Type : ACT_GATHER_INFO |
2009-06-25 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-791-2.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3280.nasl - Type : ACT_GATHER_INFO |
2009-04-21 | Name : The remote openSUSE host is missing a security update. File : suse_moodle-6198.nasl - Type : ACT_GATHER_INFO |
2009-04-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1761.nasl - Type : ACT_GATHER_INFO |
2009-04-03 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3283.nasl - Type : ACT_GATHER_INFO |
2009-03-30 | Name : The remote web server contains a PHP application that is affected by an infor... File : moodle_latex_info_disclosure.nasl - Type : ACT_ATTACK |
Alert History
Date | Information |
---|---|
2021-05-04 12:09:22 | |
2021-04-22 01:09:42 | |
2020-12-01 17:22:46 | |
2020-05-23 00:23:34 | |
2018-10-11 00:19:34 | |
2018-10-04 00:19:35 | |
2017-09-29 09:24:09 | |
2016-04-26 18:44:16 | |
2014-02-17 10:49:32 | |
2013-05-10 23:47:54 | |