Zope Zcatalog插件程序远程类函数漏洞

漏洞信息详情

Zope Zcatalog插件程序远程类函数漏洞

• CNNVD编号：CNNVD-200207-070
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-0688
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2002-07-23
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  zope
• 漏洞来源：
  Vulnerability anno…

Zope 2.4.0版本到2.5.1版本的Zcatalog插件程序指标支持性能存在漏洞。匿名用户和不信任代码可以绕过访问限制以及调用任意目录索引的类函数。

Debian has released advisory DSA 490-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.
Fixes available:
Zope Zope 2.4 .0

• Zope Hotfix_2002-06-14.tgz
  
  http://www.zope.org/Products/Zope/Hotfix_2002-06-14/Hotfix_2002-06-14.
  tgz

Zope Zope 2.4.1

• Zope Hotfix_2002-06-14.tgz
  
  http://www.zope.org/Products/Zope/Hotfix_2002-06-14/Hotfix_2002-06-14.
  tgz

Zope Zope 2.4.2

• Zope Hotfix_2002-06-14.tgz
  
  http://www.zope.org/Products/Zope/Hotfix_2002-06-14/Hotfix_2002-06-14.
  tgz

Zope Zope 2.4.3

• Zope Hotfix_2002-06-14.tgz
  
  http://www.zope.org/Products/Zope/Hotfix_2002-06-14/Hotfix_2002-06-14.
  tgz

Zope Zope 2.4.4 b1

• Zope Hotfix_2002-06-14.tgz
  
  http://www.zope.org/Products/Zope/Hotfix_2002-06-14/Hotfix_2002-06-14.
  tgz

Zope Zope 2.5 .0

• Zope Hotfix_2002-06-14.tgz
  
  http://www.zope.org/Products/Zope/Hotfix_2002-06-14/Hotfix_2002-06-14.
  tgz

Zope Zope 2.5.1

• Debian zope_2.5.1-1woody1_alpha.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1
  _alpha.deb
• Debian zope_2.5.1-1woody1_arm.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1
  _arm.deb
• Debian zope_2.5.1-1woody1_hppa.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1
  _hppa.deb
• Debian zope_2.5.1-1woody1_i386.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1
  _i386.deb
• Debian zope_2.5.1-1woody1_ia64.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1
  _ia64.deb
• Debian zope_2.5.1-1woody1_m68k.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1
  _m68k.deb
• Debian zope_2.5.1-1woody1_mips.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1
  _mips.deb
• Debian zope_2.5.1-1woody1_mipsel.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1
  _mipsel.deb
• Debian zope_2.5.1-1woody1_powerpc.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1
  _powerpc.deb
• Debian zope_2.5.1-1woody1_s390.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1
  _s390.deb
• Debian zope_2.5.1-1woody1_sparc.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1
  _sparc.deb
• Zope Hotfix_2002-06-14.tgz
  
  http://www.zope.org/Products/Zope/Hotfix_2002-06-14/Hotfix_2002-06-14.
  tgz

来源: www.zope.org
链接:http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert

来源: BID
名称: 5812
链接:http://www.securityfocus.com/bid/5812

来源: REDHAT
名称: RHSA-2002:060
链接:http://www.redhat.com/support/errata/RHSA-2002-060.html

来源: XF
名称: zope-zcatalog-index-bypass(9610)
链接:http://www.iss.net/security_center/static/9610.php

来源: DEBIAN
名称: DSA-490
链接:http://www.debian.org/security/2004/dsa-490