Bug 476709 - moodle: command injection via TeX filter (texed.php)
moodle: command injection via TeX filter (texed.php)
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Reopened, Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-12-16 11:58 EST by Tomas Hoger
Modified: 2010-03-22 11:45 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-03-22 11:45:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2008-12-16 11:58:26 EST
A shell command execution flaw was reported for Moodle 1.9.3 affecting "TeX Notation" filter (filter/tex/texed.php).  According to the advisory and upstream commit message, this requires register_globals to be enabled and magic_quotes_gpc to be disabled.  Due to that, upstream is reportedly treating this as low-impact issue and should include some more generic protection against flaws related to the enabled register_globals.

Advisory:
  http://www.ush.it/team/ush/hack-moodle193/moodle193.txt
  http://marc.info/?l=full-disclosure&m=122910366131373&w=4

Upstream commit:
  http://cvs.moodle.org/moodle/filter/tex/texed.php?view=log#rev1.10
  http://cvs.moodle.org/moodle/filter/tex/texed.php?r1=1.9&r2=1.10

Upstream bug (currently private):
  http://tracker.moodle.org/browse/MDL-17207

Should not affect 1.8.7
Comment 1 Gwyn Ciesla 2008-12-17 12:36:03 EST
Current 1.9.3 in Fedora is a weekly snapshot from 11/7/08 that includes this patch.
Comment 2 Tomas Hoger 2008-12-17 13:08:26 EST
(In reply to comment #1)
> Current 1.9.3 in Fedora is a weekly snapshot from 11/7/08 that includes this
> patch.

Patch listed in comment #0 was committed upstream on Wed Nov 12 03:35:14 2008 WST, that should be after current Fedora snapshot.  I checked the file in 1.9.3-3 srpm again, and it does not seem to be included.  Again, please correct me if I'm wrong.
Comment 3 Gwyn Ciesla 2008-12-17 13:45:16 EST
Dang, I should get more sleep. :)  The patches above are partially applied.  I'll create a custom patch to do the rest.
Comment 4 Fedora Update System 2008-12-18 09:22:22 EST
moodle-1.9.3-4.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/moodle-1.9.3-4.fc10
Comment 5 Fedora Update System 2008-12-18 09:22:24 EST
moodle-1.9.3-4.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/moodle-1.9.3-4.fc9
Comment 6 Fedora Update System 2008-12-21 03:20:45 EST
moodle-1.9.3-4.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2008-12-21 03:37:38 EST
moodle-1.9.3-4.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.