Detections
Analytics

Debian DSA-055-1 : zope - remote unauthorized access

medium Nessus Plugin ID 14892

Synopsis

The remote Debian host is missing a security-related update.

Description

A new Zope hotfix has been released which fixes a problem in ZClasses. The README for the 2001-05-01 hotfix describes the problem as `any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance.'

This hotfix has been added in version 2.1.6-10, and we highly recommend that you upgrade your zope package immediately.

Solution

Upgrade the affected zope package.

See Also

http://www.debian.org/security/2001/dsa-055

Plugin Details

Severity: Medium

ID: 14892

File Name: debian_DSA-055.nasl

Version: 1.19

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:zope, cpe:/o:debian:debian_linux:2.2

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 5/7/2001

Vulnerability Publication Date: 5/1/2001

Reference Information

CVE: CVE-2001-0567

DSA: 055