docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.

A vulnerability has been discovered in zope 2.7, an Open Source web application server, that allows remote attackers to insert arbitrary files via include directives in reStructuredText functionality.

A Zope Hotfix Alert reports :

This hotfix resolves a security issue with docutils.

Affected are possibly all Zope instances that expose RestructuredText functionalies to untrusted users through the web.

Zope did not deactivate the file inclusion feature when exposing RestructuredText functionalities to untrusted users. A remote user with the privilege of editing Zope webpages with RestructuredText could exploit this to expose arbitrary files that can be read with the privileges of the Zope server, or execute arbitrary Zope code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-200510-20 (Zope: File inclusion through RestructuredText)

    Zope honors file inclusion directives in RestructuredText objects by     default.
  Impact :

    An attacker could exploit the vulnerability by sending malicious input     that would be interpreted in a RestructuredText Zope object,     potentially resulting in the execution of arbitrary Zope code with the     rights of the Zope server.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Severity
22776	Debian DSA-910-1 : zope.2.7 - design error	Nessus	Debian Local Security Checks	high
21514	FreeBSD : zope -- expose RestructuredText functionality to untrusted users (d2b80c7c-3aae-11da-9484-00123ffe8333)	Nessus	FreeBSD Local Security Checks	high
20772	Ubuntu 5.10 : zope2.8 vulnerability (USN-229-1)	Nessus	Ubuntu Local Security Checks	high
20102	GLSA-200510-20 : Zope: File inclusion through RestructuredText	Nessus	Gentoo Local Security Checks	high

Detections

Analytics

CVE-2005-3323

critical

Tenable Plugins

high

high

high

high