CVE-2009-1171
Published 2009-03-30
CVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files…
Priority P4 · 31 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 6.24% (92.7th percentile)
The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moodle | moodle | — | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_ubuntu · 6.8 MEDIUM
vendor_redhat · 4.3 MEDIUM
Ubuntu
Moodle vulnerability
vendor_ubuntu·2009-06-24·CVSS 4.3
CVE-2009-1171 [MEDIUM] Moodle vulnerability
Title: Moodle vulnerability
Summary: Moodle vulnerability
Christian Eibl discovered that the TeX filter in Moodle allowed any
function to be used. An authenticated remote attacker could post
a specially crafted TeX formula to execute arbitrary TeX functions,
potentially reading any file accessible to the web server user, leading
to a loss of privacy. (CVE-2009-1171, MSA-09-0009)
Instructions: After a standard system upgrade you need to access the Moodle instance
and accept the database update to clear any invalid cached data.
Ubuntu
Moodle vulnerabilities
vendor_ubuntu·2009-06-24·CVSS 6.8
CVE-2009-0500 [MEDIUM] Moodle vulnerabilities
Title: Moodle vulnerabilities
Summary: Moodle vulnerabilities
Thor Larholm discovered that PHPMailer, as used by Moodle, did not
correctly escape email addresses. A local attacker with direct access
to the Moodle database could exploit this to execute arbitrary commands
as the web server user. (CVE-2007-3215)
Nigel McNie discovered that fetching https URLs did not correctly escape
shell meta-characters. An authenticated remote attacker could execute
arbitrary commands as the web server user, if curl was installed and
configured. (CVE-2008-4796, MSA-09-0003)
It was discovered that Smarty (also included in Moodle), did not
correctly filter certain inputs. An authenticated remote attacker could
exploit this to execute arbitrary PHP commands as the web server user.
(CVE-2008-4810, CVE-2008
Red Hat
moodle: file disclosure flaw in TeX filter
vendor_redhat·CVSS 4.3
CVE-2009-1171 [MEDIUM] moodle: file disclosure flaw in TeX filter
moodle: file disclosure flaw in TeX filter
The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.
GHSA
GHSA-c8pm-7v2j-xmww: The TeX filter in Moodle 1
ghsa_unreviewed·2022-05-02
CVE-2009-1171 [MEDIUM] CWE-20 GHSA-c8pm-7v2j-xmww: The TeX filter in Moodle 1
The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.
No detection rules found.
Bugzilla
CVE-2010-1171 CVE-2009-0788 spacewalk-backend various flaws [fedora-all]
bugzilla·2011-04-11·CVSS 6.4
CVE-2010-1171 [MEDIUM] CVE-2010-1171 CVE-2009-0788 spacewalk-backend various flaws [fedora-all]
CVE-2010-1171 CVE-2009-0788 spacewalk-backend various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=584118
Please note: this issue affects multiple s
Bugzilla
CVE-2009-1171 moodle: file disclosure flaw in TeX filter
bugzilla·2009-03-31·CVSS 4.3
CVE-2009-1171 [MEDIUM] CVE-2009-1171 moodle: file disclosure flaw in TeX filter
CVE-2009-1171 moodle: file disclosure flaw in TeX filter
CVE-2009-1171:
The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8
before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to
read arbitrary files via an input command in a "$$" sequence, which
causes LaTeX to include the contents of the file.
Upstream bug and CVS commit:
http://tracker.moodle.org/browse/MDL-18552
http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5
References:
http://www.securityfocus.com/archive/1/archive/1/502231/100/0/threaded
http://www.securityfocus.com/bid/34278
http://www.milw0rm.com/exploits/8297
Discussion:
Jon, I have not checked if we may be disabling TeX filter by default, but we do not ship mimetex, so we should be using system LaTeX.
---
Upstream fu
http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://secunia.com/advisories/34517
http://secunia.com/advisories/34557
http://secunia.com/advisories/34600
http://secunia.com/advisories/35570
http://tracker.moodle.org/browse/MDL-18552
http://www.debian.org/security/2009/dsa-1761
http://www.securityfocus.com/archive/1/502231/100/0/threaded
http://www.securityfocus.com/bid/34278
https://usn.ubuntu.com/791-2/
https://www.exploit-db.com/exploits/8297
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00077.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00079.html