Mandrake Linux Security Advisory : Zope (MDKSA-2000:083)

Nessus Plugin ID 61869 (Severity: High)


The remote Mandrake Linux host is missing one or more security updates.


There is an issue involving the security registration of 'legacy' names for certain object constructors, such as the constructors for DTML Method objects. Security was not being applied correctly to the legacy names, so those constructors could be called without the permissions that should have been required. This vulnerability could allow anonymous users with enough knowledge of Zope to instantiate new DTML Method instances through the web.


Update the affected packages.

Plugin Details

Severity: High

ID: 61869

File Name: mandrake_MDKSA-2000-083.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2012/09/06

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:Zope, p-cpe:/a:mandriva:linux:Zope-components, p-cpe:/a:mandriva:linux:Zope-core, p-cpe:/a:mandriva:linux:Zope-pcgi, p-cpe:/a:mandriva:linux:Zope-services, p-cpe:/a:mandriva:linux:Zope-zpublisher, p-cpe:/a:mandriva:linux:Zope-zserver, p-cpe:/a:mandriva:linux:Zope-ztemplates, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2000/12/16

Reference Information

CVE: CVE-2000-1211

MDKSA: 2000:083