Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 2.1
CVE Id: CVE-2006-3458
Last Modified: 10 Mar 2011 12:00:00
Published: 07 Jul 2006 07:05:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2006-3458

Summary

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.

Vulnerable Systems

Application

  • Zope 2.7.0

  • Zope 2.7.1

  • Zope 2.7.2

  • Zope 2.7.3

  • Zope 2.7.4

  • Zope 2.7.5

  • Zope 2.7.6

  • Zope 2.7.7

  • Zope 2.7.8

  • Zope 2.8.0

  • Zope 2.8.1

  • Zope 2.8.2

  • Zope 2.8.3

  • Zope 2.8.4

  • Zope 2.8.5

  • Zope 2.8.6

  • Zope 2.8.7

  • Zope 2.9.0

  • Zope 2.9.1

  • Zope 2.9.2

  • Zope 2.9.3


References

XF - zope-docutils-information-disclosure(27636)

CONFIRM - http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt

VUPEN - ADV-2006-2681

UBUNTU - USN-317-1

BID - 18856

SUSE - SUSE-SR:2006:019

DEBIAN - DSA-1113

SECUNIA - 21459

SECUNIA - 21130

SECUNIA - 21025

SECUNIA - 20988

MLIST - [Zope-announce] 20060706 Serious security problem with Zope 2


Last Updated: 27 May 2016 10:43:01