CVE-2006-3458

Name: CVE-2006-3458
Description: Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-1113
NVD severity: low (attack range: local)
Debian Bugs: 377277, 377285, 377286
Debian/oldstable: not known to be vulnerable.
Debian/stable: not known to be vulnerable.
Debian/testing: not known to be vulnerable.
Debian/unstable: not known to be vulnerable.

The information below is based on the following data on fixed versions.

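| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| zope2.7 | source | (unstable) | (unfixed) | medium | | 377285 |
| zope2.7 | source | sarge | 2.7.5-2sarge2 | low | DSA-1113 | |
| zope2.8 | source | (unstable) | 2.8.7-2 | medium | | 377277 |
| zope2.9 | source | (unstable) | 2.9.3-3 | medium | | 377286 |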
