Mandrake Linux Security Advisory : Zope (MDKSA-2001:025)

Low Nessus Plugin ID 61899


The remote Mandrake Linux host is missing one or more security updates.


A new Hotfix for Zope has been released that fixes a very important security issue that affects all versions of Zope prior to and including 2.3.1b1. Users can use through-the-web scripting capabilities on a Zope site to view and assign class attributes to ZClasses, possibly allowing them to make inappropriate changes to ZClass instances. As well, perceived security problems with the ObjectManager, PropertyManager and PropertySheet classes have been fixed as well. It is highly recommended that all Linux-Mandrake users using Zope upgrade to these new packages immediately.


Update the affected packages.

Plugin Details

Severity: Low

ID: 61899

File Name: mandrake_MDKSA-2001-025.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2012/09/06

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:Zope, p-cpe:/a:mandriva:linux:Zope-components, p-cpe:/a:mandriva:linux:Zope-core, p-cpe:/a:mandriva:linux:Zope-pcgi, p-cpe:/a:mandriva:linux:Zope-services, p-cpe:/a:mandriva:linux:Zope-zpublisher, p-cpe:/a:mandriva:linux:Zope-zserver, p-cpe:/a:mandriva:linux:Zope-ztemplates, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2001/02/26

Reference Information

CVE: CVE-2001-0569

MDKSA: 2001:025