CVE-2006-3458
CVSS2.1
发布时间 :2006-07-07 19:05:00
修订时间 :2011-03-10 00:00:00
NMCOPS    

[原文]Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.


[CNNVD]Zope Docutils模块信息泄露漏洞(CNNVD-200607-101)

        Zope是一款基于Python的开放源代码内容管理系统服务程序。
        Zope的docutils模块在解析和渲染重新构造的文件时存在错误,允许远程攻击者通过原始的reStructuredText指令泄漏某些信息。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:zope:zope:2.7.8Zope 2.7.8
cpe:/a:zope:zope:2.8.0
cpe:/a:zope:zope:2.9.0
cpe:/a:zope:zope:2.8.1Zope 2.8.1
cpe:/a:zope:zope:2.8.7
cpe:/a:zope:zope:2.8.6Zope 2.8.6
cpe:/a:zope:zope:2.7.6Zope 2.7.6
cpe:/a:zope:zope:2.8.2
cpe:/a:zope:zope:2.9.2Zope 2.9.2
cpe:/a:zope:zope:2.9.1
cpe:/a:zope:zope:2.8.3
cpe:/a:zope:zope:2.7.2
cpe:/a:zope:zope:2.7.3Zope 2.7.3
cpe:/a:zope:zope:2.9.3Zope 2.9.3
cpe:/a:zope:zope:2.8.5
cpe:/a:zope:zope:2.7.1
cpe:/a:zope:zope:2.7.5Zope 2.7.5
cpe:/a:zope:zope:2.7.7Zope 2.7.7
cpe:/a:zope:zope:2.8.4Zope 2.8.4
cpe:/a:zope:zope:2.7.0Zope 2.7.0
cpe:/a:zope:zope:2.7.4Zope 2.7.4

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3458
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3458
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-101
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/27636
(UNKNOWN)  XF  zope-docutils-information-disclosure(27636)
http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
(UNKNOWN)  CONFIRM  http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
http://www.vupen.com/english/advisories/2006/2681
(VENDOR_ADVISORY)  VUPEN  ADV-2006-2681
http://www.ubuntulinux.org/support/documentation/usn/usn-317-1
(UNKNOWN)  UBUNTU  USN-317-1
http://www.securityfocus.com/bid/18856
(UNKNOWN)  BID  18856
http://www.novell.com/linux/security/advisories/2006_19_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:019
http://www.debian.org/security/2006/dsa-1113
(UNKNOWN)  DEBIAN  DSA-1113
http://secunia.com/advisories/21459
(VENDOR_ADVISORY)  SECUNIA  21459
http://secunia.com/advisories/21130
(VENDOR_ADVISORY)  SECUNIA  21130
http://secunia.com/advisories/21025
(VENDOR_ADVISORY)  SECUNIA  21025
http://secunia.com/advisories/20988
(VENDOR_ADVISORY)  SECUNIA  20988
http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html
(UNKNOWN)  MLIST  [Zope-announce] 20060706 Serious security problem with Zope 2

- 漏洞信息

Zope Docutils模块信息泄露漏洞
低危 输入验证
2006-07-07 00:00:00 2006-07-25 00:00:00
远程  
        Zope是一款基于Python的开放源代码内容管理系统服务程序。
        Zope的docutils模块在解析和渲染重新构造的文件时存在错误,允许远程攻击者通过原始的reStructuredText指令泄漏某些信息。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/

- 漏洞信息 (F48404)

Debian Linux Security Advisory 1113-1 (PacketStormID:F48404)
2006-07-20 00:00:00
Debian  debian.org
advisory,web,arbitrary
linux,debian
CVE-2006-3458
[点击下载]

Debian Security Advisory 1113-1 - It was discovered that the Zope web application server allows read access to arbitrary pages on the server, if a user has the privilege to edit "restructured text" pages.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1113-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
July 18th, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : zope2.7
Vulnerability  : programming error
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3458
Debian Bug     : 377277

It was discovered that the Zope web application server allows read access
to arbitrary pages on the server, if a user has the privilege to edit
"restructured text" pages.

For the stable distribution (sarge) this problem has been fixed in
version 2.7.5-2sarge2.

The unstable distribution (sid) does no longer contain Zope 2.7 packages.

We recommend that you upgrade your zope2.7 package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2.dsc
      Size/MD5 checksum:      906 e23c6dc88c7af48940e86fa41f97d536
    http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2.diff.gz
      Size/MD5 checksum:    51266 a30c65b102a2ae75eb8e953826ec397b
    http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5.orig.tar.gz
      Size/MD5 checksum:  2885871 5b5c5823c62370d9f7325c6014a49d8b

  Alpha architecture:

    http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_alpha.deb
      Size/MD5 checksum:  2669594 3012b1b7c60fbaa2a4e28270d8524993

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_amd64.deb
      Size/MD5 checksum:  2661200 a2396ea45bdee6684526e50bbd91d407

  ARM architecture:

    http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_arm.deb
      Size/MD5 checksum:  2615998 94eba92b3e764b1409d9f204752c145d

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_i386.deb
      Size/MD5 checksum:  2608476 0d2255ee8404c285df5d218ff1720ca1

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_ia64.deb
      Size/MD5 checksum:  2959536 3f930a43af8b566f3ea791d7dd37b5cd

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_hppa.deb
      Size/MD5 checksum:  2736776 55734b807c8b20f65e6e0df0e2e27820

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_m68k.deb
      Size/MD5 checksum:  2601508 29c0606574cb83e54d8df984e0a45b25

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_mips.deb
      Size/MD5 checksum:  2675708 d48d0ef186ac908b5ab29c930e12dcb7

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_mipsel.deb
      Size/MD5 checksum:  2678350 2f8078005091cea22255944c8f5d0953

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_powerpc.deb
      Size/MD5 checksum:  2724040 ea43d949c6e6d8970d58088dc112bc78

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_s390.deb
      Size/MD5 checksum:  2663274 140d55d68fdcbe8397f3d0ec13087f7e

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_sparc.deb
      Size/MD5 checksum:  2670674 cbdb9f302896fd372cd583be41a8ec2a

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEvVCnXm3vHE4uyloRAlQ2AJ9jb+33gTkXw9uR2dpWFbjY6vPU2QCfUNQ9
httpW0iB9j8ethB8nAad83w=
=P+hr
-----END PGP SIGNATURE-----

    

- 漏洞信息

27125
Zope docutils reStructuredText raw Directive Unspecified Information Disclosure
Information Disclosure
Loss of Confidentiality Upgrade
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-07-05 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Zope Docutils Information Disclosure Vulnerability
Input Validation Error 18856
Yes No
2006-07-05 12:00:00 2006-09-04 07:13:00
Tres Seaver is credited with the discovery of this vulnerability.

- 受影响的程序版本

Zope Zope 2.9.3
Zope Zope 2.9.2
Zope Zope 2.9.1
Zope Zope 2.9
Zope Zope 2.8.7
Zope Zope 2.8.6
Zope Zope 2.8.5
Zope Zope 2.8.4
Zope Zope 2.8.3
Zope Zope 2.8.2
Zope Zope 2.8.1
Zope Zope 2.7.8
Zope Zope 2.7.7
Zope Zope 2.7.6
Zope Zope 2.7.5
Zope Zope 2.7.4
Zope Zope 2.7.3
Zope Zope 2.7.2
Zope Zope 2.7.1
Zope Zope 2.7 .0 BETA4
Zope Zope 2.7 .0 BETA3
Zope Zope 2.7 .0 BETA2
Zope Zope 2.7 .0 BETA1
Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Office Server
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- 漏洞讨论

Zope is prone to an information-disclosure vulnerability.

This issue is due to an error in the 'docutils' module when parsing and rendering text.

An attacker can exploit this issue by creating a web page with restructured text to access arbitrary files.

Versions 2.7.0 to 2.9.3 are vulnerable.

- 漏洞利用

Attackers can exploit this issue through a web client.

- 解决方案

The vendor has released a fix to address this issue.

Please see the references for vendor advisories and more information.


Zope Zope 2.7.5

Zope Zope 2.8.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站