CVE-2009-4301
First published: Wed Dec 16 2009(Updated: )
mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle | =1.9.4 | |
| Moodle | =1.9.1 | |
| Moodle | =1.8.8 | |
| Moodle | =1.9.6 | |
| Moodle | =1.8.2 | |
| Moodle | =1.9.2 | |
| Moodle | =1.8.5 | |
| Moodle | =1.8.3 | |
| Moodle | =1.8.9 | |
| Moodle | =1.8.7 | |
| Moodle | =1.8.10 | |
| Moodle | =1.9.3 | |
| Moodle | =1.9.5 | |
| Moodle | =1.8.4 | |
| Moodle | =1.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/37244
- http://secunia.com/advisories/37614
- http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.16.2.10&r2=1.16.2.11
- http://docs.moodle.org/en/Moodle_1.9.7_release_notes
- http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.9.2.7&r2=1.9.2.8
- http://docs.moodle.org/en/Moodle_1.8.11_release_notes
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html
- http://www.vupen.com/english/advisories/2009/3455
- http://moodle.org/mod/forum/discuss.php?d=139106
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html
Frequently Asked Questions
What is the severity of CVE-2009-4301?
CVE-2009-4301 is considered a medium severity vulnerability due to improper permission checks in Moodle.
How do I fix CVE-2009-4301?
To fix CVE-2009-4301, upgrade your Moodle installation to version 1.8.11 or 1.9.7 or later.
Which versions of Moodle are affected by CVE-2009-4301?
CVE-2009-4301 affects Moodle versions prior to 1.8.11 and 1.9.7, including versions like 1.8.1 to 1.8.10 and 1.9.1 to 1.9.6.
What type of vulnerability is CVE-2009-4301?
CVE-2009-4301 is a remote code execution vulnerability that allows unauthorized execution of MNET functions.
Can CVE-2009-4301 be exploited by unauthenticated users?
No, CVE-2009-4301 can only be exploited by remote authenticated servers.
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/moodle
- canonical/moodle
- version/moodle/1.9.4
- version/moodle/1.9.1
- version/moodle/1.8.8
- version/moodle/1.9.6
- version/moodle/1.8.2
- version/moodle/1.9.2
- version/moodle/1.8.5
- version/moodle/1.8.3
- version/moodle/1.8.9
- version/moodle/1.8.7
- version/moodle/1.8.10
- version/moodle/1.9.3
- version/moodle/1.9.5
- version/moodle/1.8.4
- version/moodle/1.8.1