• info
• discussion
• exploit
• solution
• references

Zope ZCatalog Plug-In Remote Method Vulnerability

Solution:
Debian has released advisory DSA 490-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Fixes available:


Zope Zope 2.4 .0

• Zope Hotfix_2002-06-14.tgz
  http://www.zope.org/Products/Zope/Hotfix_2002-06-14/Hotfix_2002-06-14. tgz

Zope Zope 2.4.1

• Zope Hotfix_2002-06-14.tgz
  http://www.zope.org/Products/Zope/Hotfix_2002-06-14/Hotfix_2002-06-14. tgz

Zope Zope 2.4.2

• Zope Hotfix_2002-06-14.tgz
  http://www.zope.org/Products/Zope/Hotfix_2002-06-14/Hotfix_2002-06-14. tgz

Zope Zope 2.4.3

• Zope Hotfix_2002-06-14.tgz
  http://www.zope.org/Products/Zope/Hotfix_2002-06-14/Hotfix_2002-06-14. tgz

Zope Zope 2.4.4 b1

• Zope Hotfix_2002-06-14.tgz
  http://www.zope.org/Products/Zope/Hotfix_2002-06-14/Hotfix_2002-06-14. tgz

Zope Zope 2.5 .0

• Zope Hotfix_2002-06-14.tgz
  http://www.zope.org/Products/Zope/Hotfix_2002-06-14/Hotfix_2002-06-14. tgz

Zope Zope 2.5.1

• Debian zope_2.5.1-1woody1_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1 _alpha.deb


• Debian zope_2.5.1-1woody1_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1 _arm.deb


• Debian zope_2.5.1-1woody1_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1 _hppa.deb


• Debian zope_2.5.1-1woody1_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1 _i386.deb


• Debian zope_2.5.1-1woody1_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1 _ia64.deb


• Debian zope_2.5.1-1woody1_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1 _m68k.deb


• Debian zope_2.5.1-1woody1_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1 _mips.deb


• Debian zope_2.5.1-1woody1_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1 _mipsel.deb


• Debian zope_2.5.1-1woody1_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1 _powerpc.deb


• Debian zope_2.5.1-1woody1_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1 _s390.deb


• Debian zope_2.5.1-1woody1_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1 _sparc.deb


• Zope Hotfix_2002-06-14.tgz
  http://www.zope.org/Products/Zope/Hotfix_2002-06-14/Hotfix_2002-06-14. tgz