thr3ads.net - Secure testing team - [Secure-testing-team] Bug#522116: CVE-2009-1171: File disclosure [Mar 2009]

If this information is useful, please help other people find it:
Share via:

Moritz Muehlenhoff

2009-Mar-31 21:58 UTC

[Secure-testing-team] Bug#522116: CVE-2009-1171: File disclosure

Package: moodle
Severity: grave
Tags: security

Issue:
http://packetstormsecurity.org/0903-exploits/moodle-disclose.txt

Patch:
http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5
 
This is CVE-2009-1171

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, ''unstable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.29-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages moodle depends on:
pn  apache2-mpm-prefork | httpd   <none>     (no description available)
ii  debconf [debconf-2.0]         1.5.26     Debian configuration management sy
pn  libapache2-mod-php5 | php5-cg <none>     (no description available)
pn  mimetex                       <none>     (no description available)
pn  php5-cli                      <none>     (no description available)
pn  php5-curl                     <none>     (no description available)
pn  php5-gd                       <none>     (no description available)
pn  php5-pgsql | php5-mysql       <none>     (no description available)
pn  postgresql-client             <none>     (no description available)
ii  ucf                           3.0018     Update Configuration File: preserv
pn  wwwconfig-common              <none>     (no description available)

Versions of packages moodle recommends:
pn  postgresql | mysql-server     <none>     (no description available)

moodle suggests no packages.

Secure testing team - Mar 2009 - Bug#522116: CVE-2009-1171: File disclosure

[Secure-testing-team] Bug#522116: CVE-2009-1171: File disclosure