Important Information Regarding Moodle Vulnerability (CVE-2017-2641)

Publish Time: 2017-03-22 00:00:00 UTC+8

Last Updated: 2017-03-22 12:00:00 UTC+8

Severity: Important

Status: Resolved

Abstract

CVE-2017-2641 allows authenticated remote attackers to execute arbitrary code and take control of servers that host vulnerable Moodle services.

Severity

Important

Affected

Products

Moodle version 3.1.2-0116 and before

Models

All Synology models

Description

The Block component in Moodle through 3.2.x before 3.2.2, 3.1.x before 3.1.5, 3.0.x before 3.0.9 and before 2.7.19 allows ordinary registered users to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with crafted AJAX arguments.

Mitigation

Log in with the “admin” account and switch to the role of administrator.
Go to Dashboard > Site administration > Plugins > Authentication > Manage authentication and disable Self registration in the Common settings section.

Update Availability

To fix the security issues, please go to DSM > Package Center and install the latest version of Moodle to protect your Synology NAS from malicious attacks.

References

http://netanelrub.in/2017/03/20/moodle-remote-code-execution/
https://moodle.org/mod/forum/discuss.php?d=349419#p1409805