Details of VAR-201704-0119

ID

VAR-201704-0119

CVE

CVE-2016-3733

TITLE

Moodle of restore teacher Of course in function ID Number overwritten vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008521

DESCRIPTION

The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber. Moodle is a free, open source e-learning software platform developed by Dr. Martin Dougiamas of Australia, also known as a course management system, a learning management system or a virtual learning environment. There is a design vulnerability in Moodle. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Moodle versions 3.0 to 3.0.3, 2.9 to 2.9.5, 2.8 to 2.8.11, 2.7 to 2.7.13 and earlier unsupported versions are affected

Trust: 2.61

sources: NVD: CVE-2016-3733 // JVNDB: JVNDB-2016-008521 // CNVD: CNVD-2016-03327 // BID: 90705 // IVD: 5abc3be2-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 5abc3be2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03327

AFFECTED PRODUCTS

vendor:	moodle	model:	moodle	scope:	eq	version:	3.0.2	Trust: 1.6
vendor:	moodle	model:	moodle	scope:	eq	version:	2.7.13	Trust: 1.6
vendor:	moodle	model:	moodle	scope:	eq	version:	3.0.1	Trust: 1.6
vendor:	moodle	model:	moodle	scope:	eq	version:	2.7.0	Trust: 1.6
vendor:	moodle	model:	moodle	scope:	eq	version:	3.0.0	Trust: 1.6
vendor:	moodle	model:	moodle	scope:	eq	version:	2.7.2	Trust: 1.6
vendor:	moodle	model:	-	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	3.0.3	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.8.2	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.8.7	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.7.7	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.7.12	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.7.3	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.7.9	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.8.9	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.8.8	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.9.3	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.9.4	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.8.3	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.8.1	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.8.11	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.7.5	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.7.10	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.8.6	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.8.5	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.8.4	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.9.5	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.9.2	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.7.11	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.9.1	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.7.6	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.7.4	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.7.1	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.8.0	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.9.0	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.7.8	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.8.10	Trust: 1.0
vendor:	moodle	model:	moodle	scope:	eq	version:	2.7.13 for up to 2.7	Trust: 0.8
vendor:	moodle	model:	moodle	scope:	eq	version:	2.8.11 for up to 2.8	Trust: 0.8
vendor:	moodle	model:	moodle	scope:	eq	version:	2.9.5 for up to 2.9	Trust: 0.8
vendor:	moodle	model:	moodle	scope:	eq	version:	3.0.3 for up to 3.0	Trust: 0.8
vendor:	moodle	model:	-	scope:	eq	version:	2.7.0	Trust: 0.6
vendor:	moodle	model:	moodle	scope:	gte	version:	3.0<=3.0.3	Trust: 0.6
vendor:	moodle	model:	moodle	scope:	gte	version:	2.9<=2.9.5	Trust: 0.6
vendor:	moodle	model:	moodle	scope:	gte	version:	2.8<=2.8.11	Trust: 0.6
vendor:	moodle	model:	moodle	scope:	gte	version:	2.7<=2.7.13	Trust: 0.6
vendor:	moodle	model:	moodle	scope:	eq	version:	3.0	Trust: 0.6
vendor:	moodle	model:	-	scope:	eq	version:	2.7	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.7.1	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.7.2	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.7.3	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.7.4	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.7.5	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.7.6	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.7.7	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.7.8	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.7.9	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.7.10	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.7.11	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.7.12	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.7.13	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.8	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.8.1	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.8.2	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.8.3	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.8.4	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.8.5	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.8.6	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.8.7	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.8.8	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.8.9	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.8.10	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.8.11	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.9	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.9.1	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.9.2	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.9.3	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.9.4	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	2.9.5	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	3.0	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	3.0.1	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	3.0.2	Trust: 0.2
vendor:	moodle	model:	-	scope:	eq	version:	3.0.3	Trust: 0.2

sources: IVD: 5abc3be2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03327 // JVNDB: JVNDB-2016-008521 // CNNVD: CNNVD-201605-449 // NVD: CVE-2016-3733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-3733
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-3733
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-03327
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201605-449
value:	MEDIUM
Trust: 0.6
IVD:	5abc3be2-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2016-3733
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-03327
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	5abc3be2-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2016-3733
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: IVD: 5abc3be2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03327 // JVNDB: JVNDB-2016-008521 // CNNVD: CNNVD-201605-449 // NVD: CVE-2016-3733

PROBLEMTYPE DATA

problemtype:

CWE-284

Trust: 1.8

sources: JVNDB: JVNDB-2016-008521 // NVD: CVE-2016-3733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-449

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201605-449

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008521

PATCH

title:	weekly release 3.4dev	url:	https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369	Trust: 0.8
title:	Bug 1335933	url:	https://bugzilla.redhat.com/show_bug.cgi?id=1335933	Trust: 0.8
title:	Patch for Moodle Design Vulnerability (CNVD-2016-03327)	url:	https://www.cnvd.org.cn/patchInfo/show/76090	Trust: 0.6
title:	Moodle Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61763	Trust: 0.6

sources: CNVD: CNVD-2016-03327 // JVNDB: JVNDB-2016-008521 // CNNVD: CNNVD-201605-449

EXTERNAL IDS

db:	NVD	id:	CVE-2016-3733	Trust: 3.5
db:	OPENWALL	id:	OSS-SECURITY/2016/05/17/4	Trust: 2.2
db:	SECTRACK	id:	1035902	Trust: 1.6
db:	CNVD	id:	CNVD-2016-03327	Trust: 0.8
db:	CNNVD	id:	CNNVD-201605-449	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-008521	Trust: 0.8
db:	BID	id:	90705	Trust: 0.3
db:	IVD	id:	5ABC3BE2-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 5abc3be2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03327 // BID: 90705 // JVNDB: JVNDB-2016-008521 // CNNVD: CNNVD-201605-449 // NVD: CVE-2016-3733

REFERENCES

url:	http://www.openwall.com/lists/oss-security/2016/05/17/4	Trust: 2.2
url:	http://www.securitytracker.com/id/1035902	Trust: 1.6
url:	http://git.moodle.org/gw?p=moodle.git&a=search&h=head&st=commit&s=mdl-51369	Trust: 1.6
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1335933	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3733	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3733	Trust: 0.8
url:	http://www.moodle.org	Trust: 0.3

sources: CNVD: CNVD-2016-03327 // BID: 90705 // JVNDB: JVNDB-2016-008521 // CNNVD: CNNVD-201605-449 // NVD: CVE-2016-3733

CREDITS

Donna Hrynkiw

Trust: 0.6

sources: CNNVD: CNNVD-201605-449

SOURCES

db:	IVD	id:	5abc3be2-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2016-03327
db:	BID	id:	90705
db:	JVNDB	id:	JVNDB-2016-008521
db:	CNNVD	id:	CNNVD-201605-449
db:	NVD	id:	CVE-2016-3733

LAST UPDATE DATE

2024-11-23T21:54:10.068000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-03327	date:	2016-05-20T00:00:00
db:	BID	id:	90705	date:	2016-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-008521	date:	2017-05-26T00:00:00
db:	CNNVD	id:	CNNVD-201605-449	date:	2020-12-02T00:00:00
db:	NVD	id:	CVE-2016-3733	date:	2024-11-21T02:50:35.950

SOURCES RELEASE DATE

db:	IVD	id:	5abc3be2-2351-11e6-abef-000c29c66e3d	date:	2016-05-20T00:00:00
db:	CNVD	id:	CNVD-2016-03327	date:	2016-05-19T00:00:00
db:	BID	id:	90705	date:	2016-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-008521	date:	2017-05-26T00:00:00
db:	CNNVD	id:	CNNVD-201605-449	date:	2016-05-18T00:00:00
db:	NVD	id:	CVE-2016-3733	date:	2017-04-20T21:59:00.843