Summary
An input filter for TeX formulas can be exploited to disclose files readable by the web server. This includes the moodle configuration file with all authentication data and server locations for directly connecting to backend database.
TeX filter by default is off and in case of being activated mostly no complete LaTeX environment on a server system will be available.
Moodle 1.9.x (prior to 1.9.4)
Moodle 1.8.x (prior to 1.8.8)
Moodle 1.7.x (prior to 1.7.7)
Solution :
Several alternatives:
1) deactivate TeX filter, if not needed
2) use more restrictive mimetex program for rendering 3) change LaTeX configuration (set 'openin_any=p' for paranoid!)
... or upgrade to latest development version where patch should be applied by now.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability
- Apache mod_proxy_ajp Information Disclosure Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities