ID OPENVAS:53179 Type openvas Reporter Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing an update to zope
announced via advisory DSA 490-1.
# OpenVAS Vulnerability Test
# $Id: deb_490_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 490-1
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largerly excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "A vulnerability has been discovered in the index support of the
ZCatalog plug-in in Zope, an open source web application server. A
flaw in the security settings of ZCatalog allows anonymous users to
call arbitrary methods of catalog indexes. The vulnerability also
allows untrusted code to do the same.
For the stable distribution (woody) this problem has been fixed in
version 2.5.1-1woody1.
For the unstable distribution (sid) this problem has been fixed in
version 2.6.0-0.1 and higher.
We recommend that you upgrade your zope package.";
tag_summary = "The remote host is missing an update to zope
announced via advisory DSA 490-1.";
tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20490-1";
if(description)
{
script_id(53179);
script_version("$Revision: 6616 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
script_tag(name:"creation_date", value:"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)");
script_bugtraq_id(5812);
script_cve_id("CVE-2002-0688");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Debian Security Advisory DSA 490-1 (zope)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-deb.inc");
res = "";
report = "";
if ((res = isdpkgvuln(pkg:"zope", ver:"2.5.1-1woody1", rls:"DEB3.0")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"id": "OPENVAS:53179", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 490-1 (zope)", "description": "The remote host is missing an update to zope\nannounced via advisory DSA 490-1.", "published": "2008-01-17T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53179", "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2002-0688"], "lastseen": "2017-07-24T12:50:23", "viewCount": 0, "enchantments": {"score": {"value": 6.3, "vector": "NONE", "modified": "2017-07-24T12:50:23", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2002-0688"]}, {"type": "osvdb", "idList": ["OSVDB:5136"]}, {"type": "debian", "idList": ["DEBIAN:DSA-490-1:0C7D0"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-490.NASL"]}], "modified": "2017-07-24T12:50:23", "rev": 2}, "vulnersScore": 6.3}, "pluginID": "53179", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_490_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 490-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered in the index support of the\nZCatalog plug-in in Zope, an open source web application server. A\nflaw in the security settings of ZCatalog allows anonymous users to\ncall arbitrary methods of catalog indexes. The vulnerability also\nallows untrusted code to do the same.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.5.1-1woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.6.0-0.1 and higher.\n\nWe recommend that you upgrade your zope package.\";\ntag_summary = \"The remote host is missing an update to zope\nannounced via advisory DSA 490-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20490-1\";\n\nif(description)\n{\n script_id(53179);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(5812);\n script_cve_id(\"CVE-2002-0688\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 490-1 (zope)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"zope\", ver:\"2.5.1-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:36:59", "description": "ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.", "edition": 3, "cvss3": {}, "published": "2002-07-23T04:00:00", "title": "CVE-2002-0688", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-0688"], "modified": "2008-09-05T20:28:00", "cpe": ["cpe:/a:zope:zope:2.5.1", "cpe:/a:zope:zope:2.4.0"], "id": "CVE-2002-0688", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0688", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:zope:zope:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:zope:zope:2.4.0:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:19:59", "bulletinFamily": "software", "cvelist": ["CVE-2002-0688"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nRedHat RHSA: RHSA-2002:060\nISS X-Force ID: 9610\n[CVE-2002-0688](https://vulners.com/cve/CVE-2002-0688)\nBugtraq ID: 5812\n", "modified": "2004-04-08T23:13:42", "published": "2004-04-08T23:13:42", "href": "https://vulners.com/osvdb/OSVDB:5136", "id": "OSVDB:5136", "title": "Zope ZCatalog Arbitrary Catalog Index and Restriction Bypass", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:21:40", "bulletinFamily": "unix", "cvelist": ["CVE-2002-0688"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 490-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 17th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : zope\nVulnerability : arbitrary code execution\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2002-0688\n\nA vulnerability has been discovered in the index support of the\nZCatalog plug-in in Zope, an open source web application server. A\nflaw in the security settings of ZCatalog allows anonymous users to\ncall arbitrary methods of catalog indexes. The vulnerability also\nallows untrusted code to do the same.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.5.1-1woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.6.0-0.1 and higher.\n\nWe recommend that you upgrade your zope package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1.dsc\n Size/MD5 checksum: 684 bae9669b048bb73ff0fb4de1cba378d4\n http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1.diff.gz\n Size/MD5 checksum: 88172 d8461358bc98af430ed32dd89a45dbcb\n http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1.orig.tar.gz\n Size/MD5 checksum: 2165141 65d502b2acf986693576decad6b837cf\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_alpha.deb\n Size/MD5 checksum: 2236994 a0eb7df5046ae357d760d18ef8a2619e\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_arm.deb\n Size/MD5 checksum: 2148088 dba70d7c78d850557783603038bc9947\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_i386.deb\n Size/MD5 checksum: 2130316 5172bd775bcd0ae107242525cf67b443\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_ia64.deb\n Size/MD5 checksum: 2388054 51c1ad0503162c4f0e152f233a45b3ca\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_hppa.deb\n Size/MD5 checksum: 2240312 bbac2d795c157069d27e63ffaf0f3b5c\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_m68k.deb\n Size/MD5 checksum: 2133690 1662a0ece415a56d4e25ad6f31576b9f\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_mips.deb\n Size/MD5 checksum: 2172370 5f127d8ac54046e75c6ab9bbfe9224c1\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_mipsel.deb\n Size/MD5 checksum: 2170856 f57b6a66116df5b30f499f5e4cdab6aa\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_powerpc.deb\n Size/MD5 checksum: 2168352 2b66d671fe1cb86a84df066902c503d0\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_s390.deb\n Size/MD5 checksum: 2153234 97df94cbfc71001ce67d6f02e6dde798\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_sparc.deb\n Size/MD5 checksum: 2212970 5a660d1befe3b8ba2be26439eb1d1b21\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 2, "modified": "2004-04-17T00:00:00", "published": "2004-04-17T00:00:00", "id": "DEBIAN:DSA-490-1:0C7D0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00090.html", "title": "[SECURITY] [DSA 490-1] New Zope packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T10:02:46", "description": "A vulnerability has been discovered in the index support of the\nZCatalog plug-in in Zope, an open source web application server. A\nflaw in the security settings of ZCatalog allows anonymous users to\ncall arbitrary methods of catalog indexes. The vulnerability also\nallows untrusted code to do the same.", "edition": 24, "published": "2004-09-29T00:00:00", "title": "Debian DSA-490-1 : zope - arbitrary code execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0688"], "modified": "2004-09-29T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:zope", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-490.NASL", "href": "https://www.tenable.com/plugins/nessus/15327", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-490. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15327);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2002-0688\");\n script_bugtraq_id(5812);\n script_xref(name:\"DSA\", value:\"490\");\n\n script_name(english:\"Debian DSA-490-1 : zope - arbitrary code execution\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered in the index support of the\nZCatalog plug-in in Zope, an open source web application server. A\nflaw in the security settings of ZCatalog allows anonymous users to\ncall arbitrary methods of catalog indexes. The vulnerability also\nallows untrusted code to do the same.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2004/dsa-490\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the zope package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.5.1-1woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zope\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"zope\", reference:\"2.5.1-1woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
