[securityalerts] Security notice: problem found in TeX and Algebra filters
Posted on April 2nd, 2009 in Moodle.org, News, Security | No Comments »
I received this email last night:
Hi Moodle Admins,
A serious problem with the TeX and algebra filters (used for mathematics notation in Moodle) has been found which could allow attackers to access server files.
If you don’t use TeX and algebra notation in your site then you should:
A) Simple disable the TeX and algebra filters completely for now:
Admin > Modules > Filters > Manage Filters
Otherwise you should:
B) Update your Moodle site to the latest weekly version from this week, or
C) Copy the latest files from filter/tex/* into your current install.The full copy of the security notice MSA-09-0009 is shown below – this will be added to http://moodle.org/security to inform the wider Moodle community sometime next week.
Disclosure Link: http://packetstormsecurity.org/0903-exploits/moodle-disclose.txt
