Ubuntu USN-791-2 (moodle) Network Vulnerability

Summary

The remote host is missing an update to moodle announced via advisory USN-791-2.

Solution

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: moodle 1.9.4.dfsg-0ubuntu1.1 After a standard system upgrade you need to access the Moodle instance and accept the database update to clear any invalid cached data. https://secure1.securityspace.com/smysecure/catid.html?in=USN-791-2

Insight

Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)

Severity

Classification

CVE CVE-2009-1171

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Ubuntu Update for bogofilter vulnerability USN-980-1
Ubuntu Update for dnsmasq vulnerability USN-627-1
Ubuntu Update for cups, cupsys vulnerabilities USN-952-1
Ubuntu Update for bind9 USN-1163-1
Ubuntu Update for cinder USN-2405-1

Take action and discover your vulnerabilities