openSUSE 10 Security Update : moodle (moodle-3959)

high Nessus Plugin ID 27351

Synopsis

The remote openSUSE host is missing a security update.

Description

This update fixes the following issues :

- possible remote file inclusion (CVE-2007-1429)

- XSS injection in SCORM 1.2 reports

- Fixed XSS in login block

Additionally changes :

- Fixed visibility of site blogs

- moodle-config.php is now located in /etc/moodle/

- added safe_mode and session.save_handler as php options

Solution

Update the affected moodle packages.

Plugin Details

Severity: High

ID: 27351

File Name: suse_moodle-3959.nasl

Version: 1.13

Type: local

Agent: unix

Published: 10/17/2007

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:moodle-gl, p-cpe:/a:novell:opensuse:moodle-he, p-cpe:/a:novell:opensuse:moodle-hi, p-cpe:/a:novell:opensuse:moodle-hr, p-cpe:/a:novell:opensuse:moodle-hu, p-cpe:/a:novell:opensuse:moodle-id, p-cpe:/a:novell:opensuse:moodle-is, p-cpe:/a:novell:opensuse:moodle-it, p-cpe:/a:novell:opensuse:moodle-ja, p-cpe:/a:novell:opensuse:moodle-ka, p-cpe:/a:novell:opensuse:moodle-km, p-cpe:/a:novell:opensuse:moodle-kn, p-cpe:/a:novell:opensuse:moodle-ko, p-cpe:/a:novell:opensuse:moodle-lt, p-cpe:/a:novell:opensuse:moodle-lv, p-cpe:/a:novell:opensuse:moodle-mi_tn, p-cpe:/a:novell:opensuse:moodle-ms, p-cpe:/a:novell:opensuse:moodle-nl, p-cpe:/a:novell:opensuse:moodle-nn, p-cpe:/a:novell:opensuse:moodle-no, p-cpe:/a:novell:opensuse:moodle-pl, p-cpe:/a:novell:opensuse:moodle-pt, p-cpe:/a:novell:opensuse:moodle-ro, p-cpe:/a:novell:opensuse:moodle-ru, p-cpe:/a:novell:opensuse:moodle-sk, p-cpe:/a:novell:opensuse:moodle-sl, p-cpe:/a:novell:opensuse:moodle, p-cpe:/a:novell:opensuse:moodle-af, p-cpe:/a:novell:opensuse:moodle-ar, p-cpe:/a:novell:opensuse:moodle-be, p-cpe:/a:novell:opensuse:moodle-bg, p-cpe:/a:novell:opensuse:moodle-bs, p-cpe:/a:novell:opensuse:moodle-ca, p-cpe:/a:novell:opensuse:moodle-cs, p-cpe:/a:novell:opensuse:moodle-da, p-cpe:/a:novell:opensuse:moodle-de, p-cpe:/a:novell:opensuse:moodle-el, p-cpe:/a:novell:opensuse:moodle-es, p-cpe:/a:novell:opensuse:moodle-et, p-cpe:/a:novell:opensuse:moodle-eu, p-cpe:/a:novell:opensuse:moodle-fa, p-cpe:/a:novell:opensuse:moodle-fi, p-cpe:/a:novell:opensuse:moodle-fr, p-cpe:/a:novell:opensuse:moodle-ga, p-cpe:/a:novell:opensuse:moodle-so, p-cpe:/a:novell:opensuse:moodle-sq, p-cpe:/a:novell:opensuse:moodle-sr, p-cpe:/a:novell:opensuse:moodle-sv, p-cpe:/a:novell:opensuse:moodle-th, p-cpe:/a:novell:opensuse:moodle-tl, p-cpe:/a:novell:opensuse:moodle-tr, p-cpe:/a:novell:opensuse:moodle-uk, p-cpe:/a:novell:opensuse:moodle-vi, p-cpe:/a:novell:opensuse:moodle-zh_cn, cpe:/o:novell:opensuse:10.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 7/25/2007

Reference Information

CVE: CVE-2007-1429