USN-658-1: Moodle vulnerability


 
Old 10-23-2008

Referenced CVEs:
CVE-2008-1502


Description:
===========================================================
Ubuntu Security Notice USN-658-1           October 23, 2008
moodle vulnerability
CVE-2008-1502
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  moodle                          1.8.2-1ubuntu2.1

Ubuntu 8.04 LTS:
  moodle                          1.8.2-1ubuntu4.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Lukasz Pilorz discovered that the HTML filtering used in Moodle was not
strict enough. A remote attacker could send malicious requests to Moodle
and execute arbitrary code as the web server user.
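A check against the fixed versions listed in this notice, as an added example that is not part of the original advisory. The function names are hypothetical, and it assumes an Ubuntu host with dpkg, dpkg-query and lsb_release available.

```shell
#!/bin/sh
# Added example: compare an installed moodle package against the fixed
# versions in USN-658-1. Function names are hypothetical; the version
# strings are the ones given in the advisory.
# Usage on a host: source this file, then run usn658_check_host

# Map an Ubuntu release number to the fixed moodle version from the notice.
usn658_fixed_version() {
    case "$1" in
        7.10) echo "1.8.2-1ubuntu2.1" ;;
        8.04) echo "1.8.2-1ubuntu4.1" ;;
        *)    return 1 ;;   # release is not listed in this notice
    esac
}

# usn658_status RELEASE INSTALLED_VERSION
# Prints one of: not-installed, not-covered, patched, vulnerable
usn658_status() {
    release=$1
    installed=$2
    [ -n "$installed" ] || { echo "not-installed"; return 0; }
    fixed=$(usn658_fixed_version "$release") || { echo "not-covered"; return 0; }
    # dpkg applies Debian version ordering; a plain string compare would not.
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Check the local host: release from lsb_release, version from dpkg-query.
usn658_check_host() {
    release=$(lsb_release -rs 2>/dev/null)
    installed=$(dpkg-query -W -f='${Version}' moodle 2>/dev/null)
    status=$(usn658_status "$release" "$installed")
    echo "moodle ${installed:-<none>} on Ubuntu ${release:-<unknown>}: $status"
}
```

A result of not-covered means only that the release is not listed in USN-658-1, not that the installed package is unaffected.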





RDISC6(8)                    System Manager's Manual                    RDISC6(8)

NAME
       rdisc6 - ICMPv6 Router Discovery tool

SYNOPSIS
       rdisc6 [-qv] [-r attempts] [-w wait_ms] [ IPv6 address] <iface>

DESCRIPTION
       RDisc6 is a Unix program which implements ICMPv6 Router Discovery in
       userland (it is normally done by the kernel). It is used to look up
       the list of on-link routers and IPv6 prefixes. It can also be used to
       force the kernel to update the state of a given IPv6-autoconfigured
       network interface.

       The name of the network interface to probe routers for must be
       specified.

OPTIONS
       -1 or --single
              Exit as soon as the first advertisement is received.

       -h or --help
              Display some help and exit.

       -m or --multiple
              Wait for possible multiple advertisements and print all of
              them (default).

       -n or --numeric
              If the optional parameter is not a valid IPv6 address, do not
              try to resolve it as a DNS hostname.

       -q or --quiet
              Only display advertised IPv6 prefixes. Display nothing in case
              of failure. That is mostly useful when calling the program
              from a shell script.

       -r attempts or --retry attempts
              Send ICMPv6 Router Discovery that many times until a reply is
              received, or abort. By default, rdisc6 will try 3 times before
              aborting (MAX_RTR_SOLICITATIONS from RFC2461).

       -V or --version
              Display program version and license and exit.

       -v or --verbose
              Display verbose information. That is the default.

       -w wait_ms or --wait wait_ms
              Wait wait_ms milliseconds for a response before retrying. By
              default, rdisc6 waits 4 seconds between attempts
              (RTR_SOLICITATION_INTERVAL from RFC2461).

SECURITY
       rdisc6 must be setuid root to allow use by non-privileged users. It
       will drop its root privileges before any attempt is made to send or
       receive data from the network, to reduce the possible impact of a
       security vulnerability.

SEE ALSO
       ndisc6(8), ipv6(7)

AUTHOR
       Remi Denis-Courmont <remi at remlab dot net>

       $Id: rdisc6.8 658 2010-10-31 20:56:30Z remi $

       http://www.remlab.net/ndisc6/

rdisc6        $Date: 2010-10-31 22:56:30 +0200 (dim. 31 oct. 2010) $        RDISC6(8)