Vulnerabilities > CVE-2009-4304 - Credentials Management vulnerability in Moodle

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-13040.NASL
    descriptionMoodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing multiple security issues. The list for 1.9.7 release: -------------------------- Security issues * MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023 - Fixed user account disclosure in LAMS module * MSA-09-0024 - Fixed insufficient access control in Glossary module - MSA-09-0025 - Unneeded MD5 hashes removed from user table * MSA-09-0026 - Fixed invalid application access control in MNET interface * MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins * MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data, new checks in the security overview report help admins identify dangerous backup permissions * MSA-09-0029 - A strong password policy is now enabled by default, enabling password salt in encouraged in config.php, admins are forced to change password after the upgrade and admins can force password change on other users via Bulk user actions * MSA-09-0030 - New detection of insecure Flash player plugins, Moodle won
    last seen2020-06-01
    modified2020-06-02
    plugin id43119
    published2009-12-14
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43119
    titleFedora 10 : moodle-1.9.7-1.fc10 (2009-13040)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-13040.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43119);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:29");
    
      script_cve_id("CVE-2009-4297", "CVE-2009-4298", "CVE-2009-4299", "CVE-2009-4300", "CVE-2009-4301", "CVE-2009-4302", "CVE-2009-4303", "CVE-2009-4304", "CVE-2009-4305");
      script_bugtraq_id(31887, 32402, 34278);
      script_xref(name:"FEDORA", value:"2009-13040");
    
      script_name(english:"Fedora 10 : moodle-1.9.7-1.fc10 (2009-13040)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Moodle upstream has released latest stable versions (1.9.7 and
    1.8.11), fixing multiple security issues. The list for 1.9.7 release:
    -------------------------- Security issues * MSA-09-0022 - Multiple
    CSRF problems fixed * MSA-09-0023 - Fixed user account disclosure in
    LAMS module * MSA-09-0024 - Fixed insufficient access control in
    Glossary module
    
      - MSA-09-0025 - Unneeded MD5 hashes removed from user
        table * MSA-09-0026 - Fixed invalid application access
        control in MNET interface * MSA-09-0027 - Ensured login
        information is always sent secured when using SSL for
        logins * MSA-09-0028 - Passwords and secrets are no
        longer ever saved in backups, new backup capabilities
        moodle/backup:userinfo and moodle/restore:userinfo for
        controlling who can backup/restore user data, new checks
        in the security overview report help admins identify
        dangerous backup permissions * MSA-09-0029 - A strong
        password policy is now enabled by default, enabling
        password salt in encouraged in config.php, admins are
        forced to change password after the upgrade and admins
        can force password change on other users via Bulk user
        actions * MSA-09-0030 - New detection of insecure Flash
        player plugins, Moodle won't serve Flash to insecure
        plugins * MSA-09-0031 - Fixed SQL injection in SCORM
        module The list for 1.8.11 release:
        ---------------------------- Security issues *
        MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023
        - Fixed user account disclosure in LAMS module *
        MSA-09-0024 - Fixed insufficient access control in
        Glossary module * MSA-09-0025 - Unneeded MD5 hashes
        removed from user table * MSA-09-0026 - Fixed invalid
        application access control in MNET interface *
        MSA-09-0027 - Ensured login information is always sent
        secured when using SSL for logins * MSA-09-0028 -
        Passwords and secrets are no longer ever saved in
        backups, new backup capabilities moodle/backup:userinfo
        and moodle/restore:userinfo for controlling who can
        backup/restore user data * MSA-09-0029 - Enabling a
        password salt in encouraged in config.php and admins are
        forced to change password after the upgrade *
        MSA-09-0031 - Fixed SQL injection in SCORM module
        References: -----------
        http://docs.moodle.org/en/Moodle_1.9.7_release_notes
        http://docs.moodle.org/en/Moodle_1.8.11_release_notes
        CVE Request: ------------
        http://www.openwall.com/lists/oss-security/2009/12/06/1
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://docs.moodle.org/en/Moodle_1.8.11_release_notes
      script_set_attribute(
        attribute:"see_also",
        value:"https://docs.moodle.org/en/Moodle_1.8.11_release_notes"
      );
      # http://docs.moodle.org/en/Moodle_1.9.7_release_notes
      script_set_attribute(
        attribute:"see_also",
        value:"https://docs.moodle.org/en/Moodle_1.9.7_release_notes"
      );
      # http://www.openwall.com/lists/oss-security/2009/12/06/1
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.openwall.com/lists/oss-security/2009/12/06/1"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=544766"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032513.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5f244692"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected moodle package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(89, 200, 255, 264, 310, 352);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:moodle");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/12/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC10", reference:"moodle-1.9.7-1.fc10")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moodle");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_MOODLE-100208.NASL
    descriptionThis patch updates Moodle to the latest stable upstream version (1.9.7) fixing multiple security issues: CVE-2009-4297, CVE-2009-4298, CVE-2009-4299, CVE-2009-4300, CVE-2009-4301, CVE-2009-4302, CVE-2009-4303, CVE-2009-4304, CVE-2009-4305, MSA-09-0030 (New detection of insecure Flash player plugins) The new version also has a completely new , more secure password handling. Beside other features, Admins will be asked to change their passwords next time they log in after upgrading.
    last seen2020-06-01
    modified2020-06-02
    plugin id44608
    published2010-02-15
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44608
    titleopenSUSE Security Update : moodle (moodle-1933)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update moodle-1933.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(44608);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:37");
    
      script_cve_id("CVE-2009-4297", "CVE-2009-4298", "CVE-2009-4299", "CVE-2009-4300", "CVE-2009-4301", "CVE-2009-4302", "CVE-2009-4303", "CVE-2009-4304", "CVE-2009-4305");
    
      script_name(english:"openSUSE Security Update : moodle (moodle-1933)");
      script_summary(english:"Check for the moodle-1933 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This patch updates Moodle to the latest stable upstream version
    (1.9.7) fixing multiple security issues: CVE-2009-4297, CVE-2009-4298,
    CVE-2009-4299, CVE-2009-4300, CVE-2009-4301, CVE-2009-4302,
    CVE-2009-4303, CVE-2009-4304, CVE-2009-4305, MSA-09-0030 (New
    detection of insecure Flash player plugins)
    
    The new version also has a completely new , more secure password
    handling. Beside other features, Admins will be asked to change their
    passwords next time they log in after upgrading."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=564364"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected moodle packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_cwe_id(89, 200, 255, 264, 310, 352);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-af");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-be");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-bg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-bs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ca");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-cs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-da");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-de");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-de_du");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-es");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-et");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-eu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-fa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-fi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-fr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ga");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-gl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-he");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-hi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-hr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-hu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-id");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-is");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-it");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ja");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ka");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-km");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-kn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-lt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-lv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-mi_tn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-nl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-nn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-no");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-pt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ro");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ru");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-so");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sq");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-th");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-tl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-tr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-uk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-vi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-zh_cn");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/02/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-af-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ar-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-be-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-bg-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-bs-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ca-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-cs-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-da-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-de-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-de_du-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-el-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-es-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-et-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-eu-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-fa-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-fi-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-fr-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ga-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-gl-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-he-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-hi-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-hr-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-hu-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-id-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-is-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-it-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ja-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ka-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-km-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-kn-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ko-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-lt-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-lv-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-mi_tn-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ms-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-nl-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-nn-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-no-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-pl-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-pt-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ro-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ru-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-sk-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-sl-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-so-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-sq-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-sr-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-sv-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-th-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-tl-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-tr-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-uk-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-vi-1.9.7-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-zh_cn-1.9.7-0.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moodle");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-13080.NASL
    descriptionMoodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing multiple security issues. The list for 1.9.7 release: -------------------------- Security issues * MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023 - Fixed user account disclosure in LAMS module * MSA-09-0024 - Fixed insufficient access control in Glossary module - MSA-09-0025 - Unneeded MD5 hashes removed from user table * MSA-09-0026 - Fixed invalid application access control in MNET interface * MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins * MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data, new checks in the security overview report help admins identify dangerous backup permissions * MSA-09-0029 - A strong password policy is now enabled by default, enabling password salt in encouraged in config.php, admins are forced to change password after the upgrade and admins can force password change on other users via Bulk user actions * MSA-09-0030 - New detection of insecure Flash player plugins, Moodle won
    last seen2020-06-01
    modified2020-06-02
    plugin id43123
    published2009-12-14
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43123
    titleFedora 11 : moodle-1.9.7-1.fc11 (2009-13080)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-13080.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43123);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:29");
    
      script_cve_id("CVE-2009-4297", "CVE-2009-4298", "CVE-2009-4299", "CVE-2009-4300", "CVE-2009-4301", "CVE-2009-4302", "CVE-2009-4303", "CVE-2009-4304", "CVE-2009-4305");
      script_xref(name:"FEDORA", value:"2009-13080");
    
      script_name(english:"Fedora 11 : moodle-1.9.7-1.fc11 (2009-13080)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Moodle upstream has released latest stable versions (1.9.7 and
    1.8.11), fixing multiple security issues. The list for 1.9.7 release:
    -------------------------- Security issues * MSA-09-0022 - Multiple
    CSRF problems fixed * MSA-09-0023 - Fixed user account disclosure in
    LAMS module * MSA-09-0024 - Fixed insufficient access control in
    Glossary module
    
      - MSA-09-0025 - Unneeded MD5 hashes removed from user
        table * MSA-09-0026 - Fixed invalid application access
        control in MNET interface * MSA-09-0027 - Ensured login
        information is always sent secured when using SSL for
        logins * MSA-09-0028 - Passwords and secrets are no
        longer ever saved in backups, new backup capabilities
        moodle/backup:userinfo and moodle/restore:userinfo for
        controlling who can backup/restore user data, new checks
        in the security overview report help admins identify
        dangerous backup permissions * MSA-09-0029 - A strong
        password policy is now enabled by default, enabling
        password salt in encouraged in config.php, admins are
        forced to change password after the upgrade and admins
        can force password change on other users via Bulk user
        actions * MSA-09-0030 - New detection of insecure Flash
        player plugins, Moodle won't serve Flash to insecure
        plugins * MSA-09-0031 - Fixed SQL injection in SCORM
        module The list for 1.8.11 release:
        ---------------------------- Security issues *
        MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023
        - Fixed user account disclosure in LAMS module *
        MSA-09-0024 - Fixed insufficient access control in
        Glossary module * MSA-09-0025 - Unneeded MD5 hashes
        removed from user table * MSA-09-0026 - Fixed invalid
        application access control in MNET interface *
        MSA-09-0027 - Ensured login information is always sent
        secured when using SSL for logins * MSA-09-0028 -
        Passwords and secrets are no longer ever saved in
        backups, new backup capabilities moodle/backup:userinfo
        and moodle/restore:userinfo for controlling who can
        backup/restore user data * MSA-09-0029 - Enabling a
        password salt in encouraged in config.php and admins are
        forced to change password after the upgrade *
        MSA-09-0031 - Fixed SQL injection in SCORM module
        References: -----------
        http://docs.moodle.org/en/Moodle_1.9.7_release_notes
        http://docs.moodle.org/en/Moodle_1.8.11_release_notes
        CVE Request: ------------
        http://www.openwall.com/lists/oss-security/2009/12/06/1
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://docs.moodle.org/en/Moodle_1.8.11_release_notes
      script_set_attribute(
        attribute:"see_also",
        value:"https://docs.moodle.org/en/Moodle_1.8.11_release_notes"
      );
      # http://docs.moodle.org/en/Moodle_1.9.7_release_notes
      script_set_attribute(
        attribute:"see_also",
        value:"https://docs.moodle.org/en/Moodle_1.9.7_release_notes"
      );
      # http://www.openwall.com/lists/oss-security/2009/12/06/1
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.openwall.com/lists/oss-security/2009/12/06/1"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=544766"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032560.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?90a0b47d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected moodle package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_cwe_id(89, 200, 255, 264, 310, 352);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:moodle");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/12/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC11", reference:"moodle-1.9.7-1.fc11")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moodle");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MOODLE-100208.NASL
    descriptionThis patch updates Moodle to the latest stable upstream version (1.9.7) fixing multiple security issues: CVE-2009-4297, CVE-2009-4298, CVE-2009-4299, CVE-2009-4300, CVE-2009-4301, CVE-2009-4302, CVE-2009-4303, CVE-2009-4304, CVE-2009-4305, MSA-09-0030 (New detection of insecure Flash player plugins) The new version also has a completely new , more secure password handling. Beside other features, Admins will be asked to change their passwords next time they log in after upgrading.
    last seen2020-06-01
    modified2020-06-02
    plugin id44613
    published2010-02-15
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44613
    titleopenSUSE Security Update : moodle (moodle-1933)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update moodle-1933.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(44613);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:38");
    
      script_cve_id("CVE-2009-4297", "CVE-2009-4298", "CVE-2009-4299", "CVE-2009-4300", "CVE-2009-4301", "CVE-2009-4302", "CVE-2009-4303", "CVE-2009-4304", "CVE-2009-4305");
    
      script_name(english:"openSUSE Security Update : moodle (moodle-1933)");
      script_summary(english:"Check for the moodle-1933 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This patch updates Moodle to the latest stable upstream version
    (1.9.7) fixing multiple security issues: CVE-2009-4297, CVE-2009-4298,
    CVE-2009-4299, CVE-2009-4300, CVE-2009-4301, CVE-2009-4302,
    CVE-2009-4303, CVE-2009-4304, CVE-2009-4305, MSA-09-0030 (New
    detection of insecure Flash player plugins)
    
    The new version also has a completely new , more secure password
    handling. Beside other features, Admins will be asked to change their
    passwords next time they log in after upgrading."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=564364"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected moodle packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_cwe_id(89, 200, 255, 264, 310, 352);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-af");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-be");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-bg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-bs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ca");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-cs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-da");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-de");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-de_du");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-es");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-et");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-eu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-fa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-fi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-fr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ga");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-gl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-he");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-hi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-hr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-hu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-id");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-is");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-it");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ja");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ka");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-km");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-kn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-lt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-lv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-mi_tn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-nl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-nn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-no");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-pt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ro");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ru");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-so");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sq");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-th");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-tl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-tr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-uk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-vi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-zh_cn");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/02/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-af-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-ar-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-be-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-bg-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-bs-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-ca-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-cs-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-da-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-de-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-de_du-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-el-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-es-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-et-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-eu-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-fa-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-fi-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-fr-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-ga-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-gl-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-he-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-hi-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-hr-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-hu-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-id-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-is-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-it-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-ja-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-ka-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-km-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-kn-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-ko-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-lt-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-lv-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-mi_tn-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-ms-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-nl-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-nn-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-no-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-pl-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-pt-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-ro-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-ru-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-sk-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-sl-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-so-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-sq-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-sr-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-sv-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-th-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-tl-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-tr-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-uk-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-vi-1.9.7-0.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"moodle-zh_cn-1.9.7-0.1.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moodle");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-13065.NASL
    descriptionMoodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing multiple security issues. The list for 1.9.7 release: -------------------------- Security issues * MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023 - Fixed user account disclosure in LAMS module * MSA-09-0024 - Fixed insufficient access control in Glossary module - MSA-09-0025 - Unneeded MD5 hashes removed from user table * MSA-09-0026 - Fixed invalid application access control in MNET interface * MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins * MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data, new checks in the security overview report help admins identify dangerous backup permissions * MSA-09-0029 - A strong password policy is now enabled by default, enabling password salt in encouraged in config.php, admins are forced to change password after the upgrade and admins can force password change on other users via Bulk user actions * MSA-09-0030 - New detection of insecure Flash player plugins, Moodle won
    last seen2020-06-01
    modified2020-06-02
    plugin id43121
    published2009-12-14
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43121
    titleFedora 12 : moodle-1.9.7-1.fc12 (2009-13065)