Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2001-2020 Alert4Web.comZOPE_ZCLASS.NASL
HistorySep 28, 2001 - 12:00 a.m.

Zope < 2.3.3 ZClass Permission Mapping Modification Local Privilege Escalation

2001-09-2800:00:00
This script is Copyright (C) 2001-2020 Alert4Web.com
www.tenable.com
10
JSON

The remote web server uses a version of Zope which is older than version 2.3.3. In such versions, any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance.

*** Nessus solely relied on the version number of the server, so if *** the hotfix has already been applied, this might be a false positive

#
# This script was written by Georges Dagousset <[email protected]>
#
# See the Nessus Scripts License for details
#

# Changes by Tenable:
# - Updated to use compat.inc (11/16/09)
# - Revised plugin title (9/23/09)


include("compat.inc");

if(description)
{
 script_id(10777);
 script_version ("1.25");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
 script_cve_id("CVE-2001-0567");
 
 script_name(english:"Zope < 2.3.3 ZClass Permission Mapping Modification Local Privilege Escalation");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server contains an application server that is prone
to a privilege escalation flaw." );
 script_set_attribute(attribute:"description", value:
"The remote web server uses a version of Zope which is older than
version 2.3.3.  In such versions, any user can visit a ZClass
declaration and change the ZClass permission mappings for methods and
other objects defined within the ZClass, possibly allowing for
unauthorized access within the Zope instance. 

*** Nessus solely relied on the version number of the server, so if 
*** the hotfix has already been applied, this might be a false positive" );
 script_set_attribute(attribute:"see_also", value:"http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Zope 2.3.3 or apply the hotfix referenced in the vendor
advisory above." );
 script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

 script_set_attribute(attribute:"plugin_publication_date", value: "2001/09/28");
 script_set_attribute(attribute:"vuln_publication_date", value: "2001/05/01");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 script_summary(english:"Checks Zope version");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2001-2020 Alert4Web.com");
 script_family(english:"Web Servers");
 script_dependencie("find_service1.nasl", "http_version.nasl");
 script_require_ports("Services/www", 80);
 script_require_keys("www/zope");
 exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("http_func.inc");


port = get_http_port(default:80, embedded:TRUE);

banner = get_http_banner(port:port);

if(banner)
{
  if(egrep(pattern:"Server: .*Zope 2\.((0\..*)|(1\..*)|(2\..*)|(3\.[0-2]))", 
  		string:banner))
     security_warning(port);
}

Related

openvas 4
cvelist 1
cve 1
nessus 2
openvas
openvas
Zope ZClass Permission Mapping Bug
2005-11-03 00:00:00
Debian Security Advisory DSA 055-1 (gftp)
2008-01-17 00:00:00
Debian Security Advisory DSA 055-1 (gftp)
2008-01-17 00:00:00
cvelist
cvelist
CVE-2001-0567
2002-03-09 05:00:00
cve
cve
CVE-2001-0567
2001-08-14 04:00:00
nessus
nessus
Debian DSA-055-1 : zope - remote unauthorized access
2004-09-29 00:00:00
Mandrake Linux Security Advisory : Zope (MDKSA-2001:049)
2012-09-06 00:00:00
JSON
Related for ZOPE_ZCLASS.NASL
openvas4cvelist1cve1nessus2