Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1171

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-1171
Last Modified 15 Jul 2009 01:40:25
Published 30 Mar 2009 06:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1171

Summary

The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.

Vulnerable Systems

Application

  • Moodle 1.6

  • Moodle 1.6.1

  • Moodle 1.6.2

  • Moodle 1.6.3

  • Moodle 1.6.4

  • Moodle 1.6.5

  • Moodle 1.6.6

  • Moodle 1.6.7

  • Moodle 1.6.8

  • Moodle 1.7

  • Moodle 1.7.1

  • Moodle 1.7.2

  • Moodle 1.7.3

  • Moodle 1.7.4

  • Moodle 1.7.5

  • Moodle 1.7.6

  • Moodle 1.8

  • Moodle 1.8.1

  • Moodle 1.8.2

  • Moodle 1.8.3

  • Moodle 1.8.4

  • Moodle 1.8.5

  • Moodle 1.8.6

  • Moodle 1.8.7

  • Moodle 1.8.8

  • Moodle 1.9

  • Moodle 1.9.1

  • Moodle 1.9.2

  • Moodle 1.9.3

  • Moodle 1.9.4


References

FEDORA - FEDORA-2009-3283

FEDORA - FEDORA-2009-3280

UBUNTU - USN-791-2

MILW0RM - 8297

DEBIAN - DSA-1761

MISC - http://tracker.moodle.org/browse/MDL-18552

SECUNIA - 35570

SECUNIA - 34600

SECUNIA - 34557

SECUNIA - 34517

SUSE - SUSE-SR:2009:009

CONFIRM - http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5


Last Updated: 27 May 2016 10:50:28