Zope Unauthorized Role Access Vulnerability

BID:1577

Info


Bugtraq ID: 1577
Class: Access Validation Error
CVE:
Remote: No
Local: Yes
Published: Dec 15 2000 12:00AM
Updated: Dec 15 2000 12:00AM
Credit: This vulnerability was discovered by Erik Enge, and announced by Brian Lloyd <[email protected]> on December 15, 2000.
Vulnerable: Zope Zope 2.2.4
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Redhat Linux 7.0 sparc
+ Redhat Linux 7.0 i386
+ Redhat Linux 7.0 alpha
+ Redhat Linux 6.2 sparc
+ Redhat Linux 6.2 i386
+ Redhat Linux 6.2 alpha
+ Redhat Linux 6.1 sparc
+ Redhat Linux 6.1 i386
+ Redhat Linux 6.1 alpha
Zope Zope 2.2.3
Zope Zope 2.2.2
Zope Zope 2.2.1
Zope Zope 2.2.0
Zope Zope 2.2 beta1
Zope Zope 2.2
Zope Zope 2.1.7
Zope Zope 2.1.1
Zope Zope 2.1.x
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2
+ Redhat PowerTools 6.2
+ Redhat PowerTools 6.1
Zope Zope 1.10.3
Not Vulnerable:

Discussion


Zope is a dynamic HTML management package, maintained by the Zope Project. A vulnerability exists that may allow users to gain elevated privileges.

The problem lies in the calculation of local roles. The computation climbed the wrong hierarchy of folders, so local users could be granted roles they were not members of, or were not authorized to hold in that context. A user with malicious intent can deliberately set up the circumstances under which the computation grants unauthorized access, and so gain elevated privileges.
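The following is a simplified, added model of local-role lookup in a folder tree; it is not Zope's own code and it assumes (as a hypothesis, not something the advisory states in detail) that "climbing the wrong hierarchy" means accumulating local roles along the chain of folders the request traversed through, rather than along the object's real containment chain. With acquisition-style traversal a document can be reached through a folder that does not contain it, so the two chains differ, and a user who holds a local role only on a folder they control would be granted that role on an object outside it. The names `Node`, `traverse`, `vulnerable_check` and `fixed_check`, and the sample tree, are all constructed for this example.

```python
# Hypothetical model (not Zope code) of local-role computation along two
# different folder hierarchies: the request's traversal chain vs. the object's
# real containment chain.

class Node:
    """A folder or document.  local_roles maps user name -> set of role names."""

    def __init__(self, name, parent=None, local_roles=None):
        self.name = name
        self.parent = parent                      # real container (None at root)
        self.children = {}
        self.local_roles = dict(local_roles or {})
        if parent is not None:
            parent.children[name] = self


def traverse(root, names):
    """Acquisition-style traversal: each path element is looked up in the
    current folder and, failing that, in each of its ancestors.  Returns the
    chain of nodes the request passed through, innermost object first."""
    chain = [root]
    for name in names:
        holder, found = chain[-1], None
        while holder is not None:
            found = holder.children.get(name)
            if found is not None:
                break
            holder = holder.parent
        if found is None:
            raise KeyError(name)
        chain.append(found)
    return list(reversed(chain))


def containment_chain(obj):
    """Walk the real container links from obj up to the root."""
    chain = []
    while obj is not None:
        chain.append(obj)
        obj = obj.parent
    return chain


def roles_in_context(user, chain):
    """Union of the local roles granted to user on every node of the chain."""
    roles = set()
    for node in chain:
        roles |= node.local_roles.get(user, set())
    return roles


def vulnerable_check(user, role, root, path):
    """Flawed: roles are gathered along the folders the request walked."""
    return role in roles_in_context(user, traverse(root, path))


def fixed_check(user, role, root, path):
    """Corrected: roles are gathered along the object's real containers only."""
    obj = traverse(root, path)[0]
    return role in roles_in_context(user, containment_chain(obj))


# Constructed sample tree.  bob is Manager at the root; alice is Manager only
# inside her own folder.  'report' lives directly under root, so a request for
# /alice_home/report reaches it by acquisition, not by containment.
ROOT = Node("root", local_roles={"bob": {"Manager"}})
ALICE_HOME = Node("alice_home", parent=ROOT, local_roles={"alice": {"Manager"}})
REPORT = Node("report", parent=ROOT)

if __name__ == "__main__":
    path = ["alice_home", "report"]
    print("traversal chain :", [n.name for n in traverse(ROOT, path)])
    print("containment     :", [n.name for n in containment_chain(REPORT)])
    print("flawed  - alice Manager on report?", vulnerable_check("alice", "Manager", ROOT, path))
    print("fixed   - alice Manager on report?", fixed_check("alice", "Manager", ROOT, path))
    print("fixed   - bob   Manager on report?", fixed_check("bob", "Manager", ROOT, path))
```

The defensive point is the one the fix embodies: an access decision for an object must be computed from where the object actually lives, never from the path a request happened to use to reach it, because the requester controls the latter.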

Exploit / POC


Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Solution / Fix


Solution:
Users of Red Hat PowerTools 6.1 should upgrade to the version of Zope provided with PowerTools 6.2 available from ftp://ftp.redhat.com/pub/redhat/powertools/6.2/ and then apply this hotfix.

Debian GNU/Linux 2.2 alias potato
---------------------------------

Source archives:
http://security.debian.org/dists/potato/updates/main/source/zope_2.1.6-5.2.diff.gz
MD5 checksum: 2b2a0c23b842b5799520c57de2678292
http://security.debian.org/dists/potato/updates/main/source/zope_2.1.6-5.2.dsc
MD5 checksum: 04b8ff47d816bdeb5291e372e5e10006
http://security.debian.org/dists/potato/updates/main/source/zope_2.1.6.orig.tar.gz
MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5
Alpha architecture:
http://security.debian.org/dists/potato/updates/main/binary-alpha/zope_2.1.6-5.2_alpha.deb
MD5 checksum: 0f7062e8a0b7449887cba647de996fda
Arm architecture:
http://security.debian.org/dists/potato/updates/main/binary-arm/zope_2.1.6-5.2_arm.deb
MD5 checksum: 64ce5c2f0edb255ccc89b8006cc2f0d2
Intel ia32 architecture:
http://security.debian.org/dists/potato/updates/main/binary-i386/zope_2.1.6-5.2_i386.deb
MD5 checksum: b105defbc9f1d66bb2cb89ef05b94d40
Motorola 680x0 architecture:
Will be available shortly
PowerPC architecture:
Will be available shortly
Sun Sparc architecture:
http://security.debian.org/dists/potato/updates/main/binary-sparc/zope_2.1.6-5.2_sparc.deb
MD5 checksum: d1cefd0a6d40e3b1f00889b7b2d489a9


Zope Zope 1.10.3
Zope Zope 2.1.x
Zope Zope 2.1.1
Zope Zope 2.1.7
Zope Zope 2.2.0
Zope Zope 2.2 beta1
Zope Zope 2.2
Zope Zope 2.2.1
Zope Zope 2.2.2
Zope Zope 2.2.3
Zope Zope 2.2.4

References


References: