Debian: zope vulnerability

    Date: 11 Aug 2000
    Category: Debian
    Posted By: LinuxSecurity Advisories
    In versions of Zope prior to 2.2beta1, a user with the ability to edit DTML could gain unauthorized access to extra roles during a request.
    -----BEGIN PGP SIGNED MESSAGE-----
    
    - ------------------------------------------------------------------------
    Debian Security Advisory
    http://www.debian.org/security/                            Michael Stone
    August 11, 2000
    - ------------------------------------------------------------------------
    
    Package: zope
    Vulnerability type: remote unprivileged access
    Debian-specific: no
    
    In versions of Zope prior to 2.2beta1, a user with the ability to edit
    DTML could gain unauthorized access to extra roles during a request.
    
    Debian 2.1 (slink) did not include zope, and is not vulnerable. The widely-used
    Debian 2.2 (potato) pre-release does include zope and is vulnerable to this
    issue. A fixed package for Debian 2.2 (potato) is available in zope 2.1.6-5.1.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    
    Debian GNU/Linux 2.1 alias slink
    - --------------------------------
    
      This version of Debian did not include zope and is not vulnerable.
    
    
    
    Debian GNU/Linux 2.2 alias potato
    - ---------------------------------
    
      Source archives:
         http://security.debian.org/dists/frozen/updates/main/source/zope_2.1.6-5.1.diff.gz
          MD5 checksum: c75d6ccc953227214aa8cdcdc720c38a
         http://security.debian.org/dists/frozen/updates/main/source/zope_2.1.6-5.1.dsc
          MD5 checksum: 8332bcfbadc37bbe32e2a64d3b41300f
         http://security.debian.org/dists/frozen/updates/main/source/zope_2.1.6.orig.tar.gz
          MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5
      Alpha architecture:
         http://security.debian.org/dists/frozen/updates/main/binary-alpha/zope_2.1.6-5.1_alpha.deb
          MD5 checksum: f3432b908238de8b2fef2d8f10dd82ae
      Arm architecture:
         http://security.debian.org/dists/frozen/updates/main/binary-arm/zope_2.1.6-5.1_arm.deb
          MD5 checksum: 59bb35f4ac17bf1aa6c37d76a624f3c7
      Intel ia32 architecture:
         http://security.debian.org/dists/frozen/updates/main/binary-i386/zope_2.1.6-5.1_i386.deb
          MD5 checksum: 4716213c3986dd0e871a33acc8576c66
      Motorola 680x0 architecture:
        Will be available shortly
      PowerPC architecture:
         http://security.debian.org/dists/frozen/updates/main/binary-powerpc/zope_2.1.6-5.1_powerpc.deb
          MD5 checksum: 1345120dcca3a253b099b6d42ffc9f4b
      Sun Sparc architecture:
         http://security.debian.org/dists/frozen/updates/main/binary-sparc/zope_2.1.6-5.1_sparc.deb
          MD5 checksum: ed818435e7b672521d364a3c044a4043
    
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3ia
    Charset: noconv
    
    iQCVAwUBOZSaiw0hVr09l8FJAQG2nwP9HYCgsfMOrTBrRQeUzjbsXXuneUpOrzAZ
    8kOLGczsIFWo7n3CDtCMjmgrXVfuF6zSq4XS9afJahLrdwfJWdXjhMXb7SHQ71ZU
    J/2OHoZdGVR2HizEKY8M3wpWw+BnJMUaLomv2LkgqaO5K2zJ2zNgLKIlHCrYHjIP
    cRtS6qszYqw=
    =ZzS9
    -----END PGP SIGNATURE-----
    