 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.100085 |
| Categoría: | Web application abuses |
| Título: | Moodle File Disclosure Vulnerability (Mar 2009) |
| Resumen: | Moodle is prone to a file disclousure vulnerability. |
| Descripción: | Summary: Moodle is prone to a file disclousure vulnerability. Vulnerability Insight: An input filter for TeX formulas can be exploited to disclose files readable by the web server. This includes the moodle configuration file with all authentication data and server locations for directly connecting to backend database. TeX filter by default is off and in case of being activated mostly no complete LaTeX environment on a server system will be available. Affected Software/OS: Moodle versions 1.6.x prior to 1.6.9, 1.7.x prior to 1.7.7, 1.8.x prior to 1.8.9 and 1.9.x prior to 1.9.5. Solution: Several alternatives: 1) deactivate TeX filter, if not needed 2) use more restrictive mimetex program for rendering 3) change LaTeX configuration (set 'openin_any=p' for paranoid!) or upgrade to latest development version where patch should be applied by now. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-1171 BugTraq ID: 34278 http://www.securityfocus.com/bid/34278 Bugtraq: 20090327 Moodle: Sensitive File Disclosure (Google Search) http://www.securityfocus.com/archive/1/502231/100/0/threaded Debian Security Information: DSA-1761 (Google Search) http://www.debian.org/security/2009/dsa-1761 https://www.exploit-db.com/exploits/8297 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00077.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00079.html http://tracker.moodle.org/browse/MDL-18552 http://secunia.com/advisories/34517 http://secunia.com/advisories/34557 http://secunia.com/advisories/34600 http://secunia.com/advisories/35570 SuSE Security Announcement: SUSE-SR:2009:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html https://usn.ubuntu.com/791-2/ |
| Copyright | Copyright (C) 2009 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |