Mandrake Linux Security Advisory : Zope (MDKSA-2000:083)
High Nessus Plugin ID 61869
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionThere is an issue involving security registration of 'legacy' names for certain object constructors such as the constructors for DTML Method Objects. Security was not being applied correctly for the legacy names, making it possible to call those constructors without the permissions that should have been required. This vulnerability could allow anonymous users with enough knowledge of Zope to instantiate new DTML Method instances through the web.
SolutionUpdate the affected packages.