CVE-2001-0567 - Denial-Of-Service vulnerability in Zope 7.1/7.2

CVSS 4.6 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: local, low complexity, zope, nessus

Summary

Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass.

Vulnerable Configurations

Part | Description | Count
Application | Zope | 2

Nessus

  • NASL family: Web Servers
    NASL id: ZOPE_ZCLASS.NASL
    description: The remote web server uses a version of Zope which is older than version 2.3.3. In such versions, any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance. *** Nessus solely relied on the version number of the server, so if *** the hotfix has already been applied, this might be a false positive
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 10777
    published: 2001-09-28
    reporter: This script is Copyright (C) 2001-2018 Alert4Web.com
    source: https://www.tenable.com/plugins/nessus/10777
    title: Zope < 2.3.3 ZClass Permission Mapping Modification Local Privilege Escalation
    code:
    #
    # This script was written by Georges Dagousset <[email protected]>
    #
    # See the Nessus Scripts License for details
    #
    
    # Changes by Tenable:
    # - Updated to use compat.inc (11/16/09)
    # - Revised plugin title (9/23/09)
    
    
    include("compat.inc");
    
    if(description)
    {
     script_id(10777);
     script_version ("1.25");
     script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
     script_cve_id("CVE-2001-0567");
     
     script_name(english:"Zope < 2.3.3 ZClass Permission Mapping Modification Local Privilege Escalation");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote web server contains an application server that is prone
    to a privilege escalation flaw." );
     script_set_attribute(attribute:"description", value:
    "The remote web server uses a version of Zope which is older than
    version 2.3.3.  In such versions, any user can visit a ZClass
    declaration and change the ZClass permission mappings for methods and
    other objects defined within the ZClass, possibly allowing for
    unauthorized access within the Zope instance. 
    
    *** Nessus solely relied on the version number of the server, so if 
    *** the hotfix has already been applied, this might be a false positive" );
     script_set_attribute(attribute:"see_also", value:"http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Zope 2.3.3 or apply the hotfix referenced in the vendor
    advisory above." );
     script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2001/09/28");
     script_set_attribute(attribute:"vuln_publication_date", value: "2001/05/01");
    script_set_attribute(attribute:"plugin_type", value:"remote");
    script_end_attributes();
    
     script_summary(english:"Checks Zope version");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2001-2020 Alert4Web.com");
     script_family(english:"Web Servers");
     script_dependencie("find_service1.nasl", "http_version.nasl");
     script_require_ports("Services/www", 80);
     script_require_keys("www/zope");
     exit(0);
    }
    
    #
    # The script code starts here
    #
    
    include("global_settings.inc");
    include("http_func.inc");
    
    
    port = get_http_port(default:80, embedded:TRUE);
    
    banner = get_http_banner(port:port);
    
    if(banner)
    {
      if(egrep(pattern:"Server: .*Zope 2\.((0\..*)|(1\..*)|(2\..*)|(3\.[0-2]))", 
      		string:banner))
         security_warning(port);
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2001-049.NASL
    description: Another problem was discovered in Zope that fixes a problem with ZClasses. Any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance. The Zope Hotfix 2001-05-01 corrects this problem.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61913
    published: 2012-09-06
    reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/61913
    title: Mandrake Linux Security Advisory : Zope (MDKSA-2001:049)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-055.NASL
    description: A new Zope hotfix has been released which fixes a problem in ZClasses. The README for the 2001-05-01 hotfix describes the problem as `any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance.'
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14892
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14892
    title: Debian DSA-055-1 : zope - remote unauthorized access

Redhat

advisories
rhsa
id: RHSA-2001:065