eZ Publish No Policy Function Unspecified Vulnerability

Bugtraq ID:	25539
Class:	Unknown
CVE:	CVE-2007-4493
Remote:	Yes
Local:	No
Published:	Sep 04 2007 12:00AM
Updated:	Sep 05 2007 10:01PM
Credit:	The vendor disclosed this issue.
Vulnerable:	eZ Systems eZ publish 3.9.2 eZ Systems eZ publish 3.9.1 eZ Systems eZ publish 3.9 eZ Systems eZ publish 3.8.8
Not Vulnerable:	eZ Systems eZ publish 3.9.3 eZ Systems eZ publish 3.8.9

eZ Publish No Policy Function Unspecified Vulnerability

eZ Publish is prone to an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

eZ Publish No Policy Function Unspecified Vulnerability

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

eZ Publish No Policy Function Unspecified Vulnerability

Solution:
The vendor released updates to address this issue. Please see the references for more information.


eZ Systems eZ publish 3.8.8

• eZ Systems ezpublish-3.8.9-gpl.tar.gz
  http://ez.no/content/download/206242/1364183/file/ezpublish-3.8.9-gpl. tar.gz

eZ Systems eZ publish 3.9

• eZ Systems ezpublish-3.9.3-gpl.tar.bz2
  http://ez.no/content/download/206289/1364343/file/ezpublish-3.9.3-gpl. tar.bz2

eZ Systems eZ publish 3.9.1

• eZ Systems ezpublish-3.9.3-gpl.tar.bz2
  http://ez.no/content/download/206289/1364343/file/ezpublish-3.9.3-gpl. tar.bz2

eZ Systems eZ publish 3.9.2

• eZ Systems ezpublish-3.9.3-gpl.tar.bz2
  http://ez.no/content/download/206289/1364343/file/ezpublish-3.9.3-gpl. tar.bz2

eZ Publish No Policy Function Unspecified Vulnerability

References:

• eZ Publish Changelog 3.9.2 to 3.9.3 (eZ Systems)
  
• eZ Publish Web Site (eZ Systems)
  
• eZ Publish security fixes 3.9.3 and 3.8.9 (eZ Systems)