Debian Security Advisory
DSA-055-1 zope -- remote unauthorized access
- Date Reported:
- 07 May 2001
- Affected Packages:
- zope
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2001-0567.
- More information:
-
A new Zope hotfix has been released which fixes a problem in ZClasses.
The README for the 2001-05-01 hotfix describes the problem as `any user
can visit a ZClass declaration and change the ZClass permission mappings
for methods and other objects defined within the ZClass, possibly
allowing for unauthorized access within the Zope instance.'
This hotfix has been added in version 2.1.6-10, and we highly recommend that you upgrade your zope package immediately.
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/dists/stable/updates/main/source/zope_2.1.6-10.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/zope_2.1.6-10.dsc
- http://security.debian.org/dists/stable/updates/main/source/zope_2.1.6.orig.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/zope_2.1.6-10.dsc
- Alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/zope_2.1.6-10_alpha.deb
- ARM:
- http://security.debian.org/dists/stable/updates/main/binary-arm/zope_2.1.6-10_arm.deb
- Intel IA-32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/zope_2.1.6-10_i386.deb
- Motorola 680x0:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/zope_2.1.6-10_m68k.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/zope_2.1.6-10_powerpc.deb
- Sun Sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/zope_2.1.6-10_sparc.deb
MD5 checksums of the listed files are available in the original advisory.