CVE-2007-5741

Name: CVE-2007-5741
Description: Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1405-1, DSA-1405-2
NVD severity: high (attack range: remote)
Debian Bugs: 449523

The information below is based on the following data on fixed versions.

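| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| zope-cmfplone | source | (unstable) | 2.5.2-2 | high | | 449523 |
| zope-cmfplone | source | etch | 2.5.1-4etch2 | high | DSA-1405-2 | |
| zope-cmfplone | source | sarge | (not affected) | | | |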

Notes

[sarge] - zope-cmfplone <not-affected> (Upstream confirms that 2.0 branch is not vulnerable)
Fix available:
http://plone.org/about/security/advisories/cve-2007-5741
