Debian: zope vulnerability

    Date: 11 Aug 2000
    Posted By: LinuxSecurity Advisories
    On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request.
    ------------------------------------------------------------------------
    Debian Security Advisory                                   Michael Stone
    August 11, 2000
    ------------------------------------------------------------------------
    Package: zope
    Vulnerability type: remote unprivileged access
    Debian-specific: no
    On versions of Zope prior to 2.2beta1 it was possible for a user with the
    ability to edit DTML to gain unauthorized access to extra roles during a
    request.
    Debian 2.1 (slink) did not include zope, and is not vulnerable. The widely-used
    Debian 2.2 (potato) pre-release does include zope and is vulnerable to this
    issue. A fixed package for Debian 2.2 (potato) is available in zope 2.1.6-5.1.
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    Debian GNU/Linux 2.1 alias slink
    --------------------------------
      This version of Debian did not include zope and is not vulnerable.
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
      Source archives:
          MD5 checksum: c75d6ccc953227214aa8cdcdc720c38a
          MD5 checksum: 8332bcfbadc37bbe32e2a64d3b41300f
          MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5
      Alpha architecture:
          MD5 checksum: f3432b908238de8b2fef2d8f10dd82ae
      Arm architecture:
          MD5 checksum: 59bb35f4ac17bf1aa6c37d76a624f3c7
      Intel ia32 architecture:
          MD5 checksum: 4716213c3986dd0e871a33acc8576c66
      Motorola 680x0 architecture:
        Will be available shortly
      PowerPC architecture:
          MD5 checksum: 1345120dcca3a253b099b6d42ffc9f4b
      Sun Sparc architecture:
          MD5 checksum: ed818435e7b672521d364a3c044a4043