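Vulnerability Details
Moodle 'spell-check-logic.cgi' Arbitrary File Overwrite Vulnerability
Vulnerability Summary
Moodle is an open-source, object-oriented, modular e-learning software platform.
spell-check-logic.cgi in Moodle allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.
Vulnerability Advisory
The vendor has released upgrade patches that fix this security issue. Patch download links: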
Debian Linux 4.0 arm
Debian moodle_1.6.3-2+etch2_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu moodle_1.8.2-1ubuntu4.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu moodle_1.8.2-1.2ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb
Debian Linux 4.0 powerpc
Debian moodle_1.6.3-2+etch2_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu moodle_1.8.2-1.2ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu moodle_1.8.2-1ubuntu4.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb
Debian Linux 4.0 m68k
Debian moodle_1.6.3-2+etch2_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu moodle_1.8.2-1ubuntu4.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu moodle_1.8.2-1ubuntu4.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu moodle_1.8.2-1.2ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb
Debian Linux 4.0 amd64
Debian moodle_1.6.3-2+etch2_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
Debian Linux 4.0 ia-32
Debian moodle_1.6.3-2+etch2_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
Debian Linux 4.0 hppa
Debian moodle_1.6.3-2+etch2_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
Debian Linux 4.0 sparc
Debian moodle_1.6.3-2+etch2_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
Debian Linux 4.0 s/390
Debian moodle_1.6.3-2+etch2_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu moodle_1.8.2-1.2ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb
Debian Linux 4.0 alpha
Debian moodle_1.6.3-2+etch2_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
Debian Linux 4.0
Debian moodle_1.6.3-2+etch2_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu moodle_1.8.2-1ubuntu4.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb
Debian Linux 4.0 mipsel
Debian moodle_1.6.3-2+etch2_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
Ubuntu Ubuntu Linux 8.10 amd64
Ubuntu moodle_1.8.2-1.2ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb
Debian Linux 4.0 ia-64
Debian moodle_1.6.3-2+etch2_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
Debian Linux 4.0 mips
Debian moodle_1.6.3-2+etch2_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
References
Source: XF
Name: moodle-spellchecklogic-symlink(46708)
Link: http://xforce.iss.net/xforce/xfdb/46708
Source: BID
Name: 32402
Link: http://www.securityfocus.com/bid/32402
Source: MISC
Link: http://uvw.ru/report.sid.txt
Source: MLIST
Name: [debian-devel] 20080813 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
Link: http://lists.debian.org/debian-devel/2008/08/msg00347.html
Affected Entities
- Moodle Moodle:1.8.2
Patch
None available