Bug 631772 (CVE-2010-3198)
Summary: | CVE-2010-3198 Zope: Zope child threads termination due unhandled exceptions in PluggableAuthService (PAS) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NEXTRELEASE | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | cluster-maint, jpokorny, jrusnack, rmccabe |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-08-01 12:57:22 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 772292 | ||
Bug Blocks: | 711503 |
Description
Jan Lieskovsky
2010-09-08 11:13:47 UTC
Public proof of concept (from [2]): ==================================== The easiest way to trigger this behaviour, is buildout. Create this buildout.cfg: [buildout] extends=http://svn.plone.org/svn/collective/buildout/plonetest/plone-3.3.5.cfg Get yourself a copy of bootstrap.py and run buildout. * Start Zope * Create a new Plone site * Add a new page, make it private. * Log out * As anonymous, manually craft the following URL: http://yoursite/plone/new_page?came_from:list=123 This issue affects the version of the zope package, as present within EPEL-5 repository. Please fix. Statement: Not vulnerable. This issue did not affect the versions of conga as shipped with Red Hat Cluster Suite for Red Hat Enterprise Linux 4 and as shipped with Red Hat Enterprise Linux 5 as they use own internal mechanism to verify if user requesting particular page is authenticated. Plone private pages permissions configuration mechanism is not used in conga. Created zope tracking bugs for this issue Affects: epel-5 [bug 772292] |