thr3ads.net - Secure testing team - [Secure-testing-team] Bug#586280: moodle: Cross Site Scripting vulnerability in blog/index.php [Jun 2010]

If this information is useful, please help other people find it:
Share via:

Victor Martinez

2010-Jun-18 03:59 UTC

[Secure-testing-team] Bug#586280: moodle: Cross Site Scripting vulnerability in blog/index.php

Package: moodle
Version: 1.8.2.dfsg-3+lenny3
Severity: grave
Tags: security patch
Justification: user security hole

MSA-10-0011:
Topic: Cross Site Scripting vulnerability in blog/index.php
Severity: Critical
Versions affected: <1.8.13 and <1.9.9
Reported by: Emmanuel Bouillon
Issue no.: MDL-22631
Solution: upgrade to 1.8.13 or 1.9.9
Workaround: apply patch or disable blogs
http://git.moodle.org/gw?p=moodle.git;a=commit;h=1f283c9acdf7b6a5c08b2768d3bf89b1e162d421
http://cvs.moodle.org/moodle/blog/lib.php?r1=1.80.2.20&r2=1.80.2.21

Description:
Some parameters were not being properly cleaned on the blog index page, allowing
non-persistent cross-site scripting (XSS) attacks.


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (990, ''stable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE= (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages moodle depends on:
ii  apache2-mpm-prefor 2.2.9-10+lenny7       Apache HTTP Server - traditional n
ii  debconf [debconf-2 1.5.24                Debian configuration management sy
ii  libapache2-mod-php 5.2.6.dfsg.1-1+lenny8 server-side, HTML-embedded scripti
ii  mimetex            1.50-1+lenny1         LaTeX math expressions to anti-ali
ii  mysql-client-5.0 [ 5.0.51a-24+lenny4     MySQL database client binaries
ii  php5-cli           5.2.6.dfsg.1-1+lenny8 command-line interpreter for the p
ii  php5-curl          5.2.6.dfsg.1-1+lenny8 CURL module for php5
ii  php5-gd            5.2.6.dfsg.1-1+lenny8 GD module for php5
ii  php5-mysql         5.2.6.dfsg.1-1+lenny8 MySQL module for php5
ii  smarty             2.6.20-1.2            Template engine for PHP
ii  ucf                3.0016                Update Configuration File: preserv
ii  wwwconfig-common   0.1.2                 Debian web auto configuration
ii  yui                2.5.0-1               Yahoo User Interface Library
ii  zip                2.32-1                Archiver for .zip files

Versions of packages moodle recommends:
ii  mysql-server-5.0 [ 5.0.51a-24+lenny4     MySQL database server binaries
ii  php5-ldap          5.2.6.dfsg.1-1+lenny8 LDAP module for php5

moodle suggests no packages.

-- debconf-show failed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: blog.patch
Type: text/x-diff
Size: 1237 bytes
Desc: not available
URL:
<http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20100617/3fcfe6aa/attachment.patch>

Secure testing team - Jun 2010 - Bug#586280: moodle: Cross Site Scripting vulnerability in blog/index.php

[Secure-testing-team] Bug#586280: moodle: Cross Site Scripting vulnerability in blog/index.php