A service token validation issue was found in the Moodle Course Management System. Users with permission to access multiple services were able to use a token from one service to access another. An attacker could use this flaw, in an unauthorized way, to access content of an external service. Moodle versions 2.3 to 2.3.1, 2.2 to 2.2.4+, 2.1 to 2.1.7+ were found to be vulnerable. This issue is fixed upstream. -> http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34368
This issue affects the version of the moodle package as shipped with the Fedora release 16 and 17. Please schedule an update. -- This issue affects the version of the moodle package as shipped with the Fedora EPEL-6 release. Please schedule an update. -- This issue did NOT affect the version of the moodle package as shipped with the Fedora EPEL-5 release.
Update in progress, not linked to any BZ, none assigned to me.
The oss-security post[1] also mentions - CVE-2012-4403 - as below: === MSA-12-0056: Information leak in drag-and-drop Topic: Information disclosure in yui_combo.php Severity/Risk: Minor Versions affected: 2.3 to 2.3.1+ Reported by: Mark Baseggio Issue no.: MDL-35168 CVE Identifier: CVE-2012-4403 Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35168 Description: The drag-and-drop script was responding to bad requests with information that included the full path to scripts on the server. === None of the Fedora or EPEL versions of moodle package are vulnerable to this flaw. Because the flaw gives away absolute file paths via variable ($contentfile). This variable is not present in any of the Fedora or EPEL versions of the moodle package. F17 -> moodle-2.2.4-1.fc17.noarch.rpm F16 -> moodle-2.0.10-1.fc16.noarch.rpm Fedora EPEL-6 -> moodle-2.1.7-1.el6.noarch.rpm Fedora EPEL-5 -> moodle-1.8.13-4.el5.noarch.rpm [1] http://www.openwall.com/lists/oss-security/2012/09/17/1 [2] http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=a2bdf3401754815e45b8be5199c0db09eceefffd
Created moodle tracking bugs for this issue Affects: fedora-17 [bug 857981]
Created moodle tracking bugs for this issue Affects: fedora-16 [bug 857983]
Created moodle tracking bugs for this issue Affects: epel-6 [bug 857984]