Important Information Regarding Moodle Vulnerability (CVE-2017-2641)

Publish Time: 2017-03-22 00:00:00 UTC+8

Last Updated: 2017-03-22 12:00:00 UTC+8

Severity: Important
Status: Resolved

Abstract

CVE-2017-2641 allows authenticated remote attackers to execute arbitrary code and take control of servers that host vulnerable Moodle services.


Affected

  • Products
    • Moodle version 3.1.2-0116 and earlier
  • Models
    • All Synology models


Description

The Block component in Moodle through 3.2.x before 3.2.2, 3.1.x before 3.1.5, 3.0.x before 3.0.9 and before 2.7.19 allows ordinary registered users to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with crafted AJAX arguments.
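The version ranges above can be checked across an inventory with a short script. The following is an added example, not code from Synology or Moodle; the function names are hypothetical. It assumes that branches the advisory does not name (for example 2.8.x or anything after 3.2.x) are reported as "unlisted" for manual review, and that Synology package versions order by upstream release and then by build number.

```python
import re

# Fixed release per branch, taken from the Description in this advisory.
FIXED = {(3, 2): (3, 2, 2), (3, 1): (3, 1, 5), (3, 0): (3, 0, 9), (2, 7): (2, 7, 19)}
# Last affected Synology package listed under "Affected": 3.1.2-0116.
SYNO_LAST_AFFECTED = ((3, 1, 2), 116)


def parse_release(text):
    """Return (major, minor, patch) from strings such as '3.1.2+ (Build: 20161114)'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Moodle release: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def moodle_status(release):
    """Classify an upstream Moodle release as 'affected', 'fixed' or 'unlisted'."""
    ver = parse_release(release)
    if ver < FIXED[(2, 7)]:
        return "affected"  # "before 2.7.19" covers every older release
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        return "unlisted"  # assumption: branch not named in the advisory, review manually
    return "affected" if ver < fixed else "fixed"


def synology_package_affected(package_version):
    """True when a Synology package version is 3.1.2-0116 or earlier."""
    m = re.fullmatch(r"\s*(\d+\.\d+(?:\.\d+)?)-(\d+)\s*", package_version)
    if not m:
        raise ValueError(f"unrecognised package version: {package_version!r}")
    # Assumption: packages order by upstream release first, then build number.
    return (parse_release(m.group(1)), int(m.group(2))) <= SYNO_LAST_AFFECTED


if __name__ == "__main__":
    # Constructed inventory for illustration; host names and versions are not from the advisory.
    inventory = {
        "lms-a": "3.1.2+ (Build: 20161114)",
        "lms-b": "3.2.2",
        "lms-c": "2.9.9",
        "lms-d": "2.6.11",
    }
    for host, release in sorted(inventory.items()):
        print(f"{host}: {release} -> {moodle_status(release)}")
    print("Synology package 3.1.2-0116 affected:", synology_package_affected("3.1.2-0116"))
```
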


Mitigation

  1. Log in with the “admin” account and switch to the role of administrator.
  2. Go to Dashboard > Site administration > Plugins > Authentication > Manage authentication and disable Self registration in the Common settings section.


Update Availability

To fix the security issues, please go to DSM > Package Center and install the latest version of Moodle to protect your Synology NAS from malicious attacks.


References

http://netanelrub.in/2017/03/20/moodle-remote-code-execution/
https://moodle.org/mod/forum/discuss.php?d=349419#p1409805