CVE-2006-3458 Information

Description

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.

Reference

http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html
http://secunia.com/advisories/20988
http://secunia.com/advisories/21025
http://secunia.com/advisories/21130
http://secunia.com/advisories/21459
http://www.debian.org/security/2006/dsa-1113
http://www.novell.com/linux/security/advisories/2006_19_sr.html
http://www.securityfocus.com/bid/18856
http://www.vupen.com/english/advisories/2006/2681
http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/27636
https://usn.ubuntu.com/317-1/
