发布时间 :2006-07-07 19:05:00
修订时间 :2011-03-10 00:00:00

[原文]Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.

[CNNVD]Zope Docutils模块信息泄露漏洞(CNNVD-200607-101)


- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:zope:zope:2.7.8Zope 2.7.8
cpe:/a:zope:zope:2.8.1Zope 2.8.1
cpe:/a:zope:zope:2.8.6Zope 2.8.6
cpe:/a:zope:zope:2.7.6Zope 2.7.6
cpe:/a:zope:zope:2.9.2Zope 2.9.2
cpe:/a:zope:zope:2.7.3Zope 2.7.3
cpe:/a:zope:zope:2.9.3Zope 2.9.3
cpe:/a:zope:zope:2.7.5Zope 2.7.5
cpe:/a:zope:zope:2.7.7Zope 2.7.7
cpe:/a:zope:zope:2.8.4Zope 2.8.4
cpe:/a:zope:zope:2.7.0Zope 2.7.0
cpe:/a:zope:zope:2.7.4Zope 2.7.4

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  XF  zope-docutils-information-disclosure(27636)
(UNKNOWN)  BID  18856
(UNKNOWN)  MLIST  [Zope-announce] 20060706 Serious security problem with Zope 2

- 漏洞信息

Zope Docutils模块信息泄露漏洞
低危 输入验证
2006-07-07 00:00:00 2006-07-25 00:00:00

- 公告与补丁


- 漏洞信息 (F48404)

Debian Linux Security Advisory 1113-1 (PacketStormID:F48404)
2006-07-20 00:00:00

Debian Security Advisory 1113-1 - It was discovered that the Zope web application server allows read access to arbitrary pages on the server, if a user has the privilege to edit "restructured text" pages.

Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1113-1                                   Moritz Muehlenhoff
July 18th, 2006               
- --------------------------------------------------------------------------

Package        : zope2.7
Vulnerability  : programming error
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3458
Debian Bug     : 377277

It was discovered that the Zope web application server allows read access
to arbitrary pages on the server, if a user has the privilege to edit
"restructured text" pages.

For the stable distribution (sarge) this problem has been fixed in
version 2.7.5-2sarge2.

The unstable distribution (sid) does no longer contain Zope 2.7 packages.

We recommend that you upgrade your zope2.7 package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      906 e23c6dc88c7af48940e86fa41f97d536
      Size/MD5 checksum:    51266 a30c65b102a2ae75eb8e953826ec397b
      Size/MD5 checksum:  2885871 5b5c5823c62370d9f7325c6014a49d8b

  Alpha architecture:
      Size/MD5 checksum:  2669594 3012b1b7c60fbaa2a4e28270d8524993

  AMD64 architecture:
      Size/MD5 checksum:  2661200 a2396ea45bdee6684526e50bbd91d407

  ARM architecture:
      Size/MD5 checksum:  2615998 94eba92b3e764b1409d9f204752c145d

  Intel IA-32 architecture:
      Size/MD5 checksum:  2608476 0d2255ee8404c285df5d218ff1720ca1

  Intel IA-64 architecture:
      Size/MD5 checksum:  2959536 3f930a43af8b566f3ea791d7dd37b5cd

  HP Precision architecture:
      Size/MD5 checksum:  2736776 55734b807c8b20f65e6e0df0e2e27820

  Motorola 680x0 architecture:
      Size/MD5 checksum:  2601508 29c0606574cb83e54d8df984e0a45b25

  Big endian MIPS architecture:
      Size/MD5 checksum:  2675708 d48d0ef186ac908b5ab29c930e12dcb7

  Little endian MIPS architecture:
      Size/MD5 checksum:  2678350 2f8078005091cea22255944c8f5d0953

  PowerPC architecture:
      Size/MD5 checksum:  2724040 ea43d949c6e6d8970d58088dc112bc78

  IBM S/390 architecture:
      Size/MD5 checksum:  2663274 140d55d68fdcbe8397f3d0ec13087f7e

  Sun Sparc architecture:
      Size/MD5 checksum:  2670674 cbdb9f302896fd372cd583be41a8ec2a

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>
Version: GnuPG v1.4.3 (GNU/Linux)



- 漏洞信息

Zope docutils reStructuredText raw Directive Unspecified Information Disclosure
Information Disclosure
Loss of Confidentiality Upgrade
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-07-05 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Zope Docutils Information Disclosure Vulnerability
Input Validation Error 18856
Yes No
2006-07-05 12:00:00 2006-09-04 07:13:00
Tres Seaver is credited with the discovery of this vulnerability.

- 受影响的程序版本

Zope Zope 2.9.3
Zope Zope 2.9.2
Zope Zope 2.9.1
Zope Zope 2.9
Zope Zope 2.8.7
Zope Zope 2.8.6
Zope Zope 2.8.5
Zope Zope 2.8.4
Zope Zope 2.8.3
Zope Zope 2.8.2
Zope Zope 2.8.1
Zope Zope 2.7.8
Zope Zope 2.7.7
Zope Zope 2.7.6
Zope Zope 2.7.5
Zope Zope 2.7.4
Zope Zope 2.7.3
Zope Zope 2.7.2
Zope Zope 2.7.1
Zope Zope 2.7 .0 BETA4
Zope Zope 2.7 .0 BETA3
Zope Zope 2.7 .0 BETA2
Zope Zope 2.7 .0 BETA1
Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Office Server
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- 漏洞讨论

Zope is prone to an information-disclosure vulnerability.

This issue is due to an error in the 'docutils' module when parsing and rendering text.

An attacker can exploit this issue by creating a web page with restructured text to access arbitrary files.

Versions 2.7.0 to 2.9.3 are vulnerable.

- 漏洞利用

Attackers can exploit this issue through a web client.

- 解决方案

The vendor has released a fix to address this issue.

Please see the references for vendor advisories and more information.

Zope Zope 2.7.5

Zope Zope 2.8.1

- 相关参考