Ubuntu USN-791-2 (moodle) Network Vulnerability

Summary

The remote host is missing an update to moodle announced via advisory USN-791-2.

Solution

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: moodle 1.9.4.dfsg-0ubuntu1.1 After a standard system upgrade you need to access the Moodle instance and accept the database update to clear any invalid cached data. https://secure1.securityspace.com/smysecure/catid.html?in=USN-791-2

Insight

Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)

Severity

Classification

CVE CVE-2009-1171
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Ubuntu Update for dovecot vulnerabilities USN-1059-1
Ubuntu Update for awstats vulnerability USN-1047-1
Ubuntu Update for cups USN-2144-1
Ubuntu Update for apache2 vulnerabilities USN-499-1
Ubuntu Update for apparmor USN-1676-1

Take action and discover your vulnerabilities