spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file. http://lists.debian.org/debian-devel/2008/08/msg00347.html http://uvw.ru/report.sid.txt
Created moodle tracking bugs for this issue CVE-2008-5153 Affects: F8 [bug #472118] CVE-2008-5153 Affects: F9 [bug #472119] CVE-2008-5153 Affects: Fdevel [bug #472120]
I see that this affects the current versions, as well. I don't see a proposed fix anywhere. I also don't see this reported upstream. Do we have a contact at Debian for this report? Would Dmitry Oboukhov be the right person?
I failed to find any Debian bug for this, these are Debian moodle bugs: http://bugs.debian.org/moodle If you have good contacts upstream, I may be good idea to double-check with them to make sure they are aware.
No contacts established, filed upstream bug: http://tracker.moodle.org/browse/MDL-17597
Fixed in rawhide. Coming to the other branches.
moodle-1.9.3-5.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/moodle-1.9.3-5.fc10
moodle-1.9.3-5.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/moodle-1.9.3-5.fc9
moodle-1.9.3-5.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
moodle-1.9.3-5.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.