-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-007
- - --------------------------------------------------------------------

PACKAGE : zope
SUMMARY : Incorrect handling of XML-RPC requests
DATE : 2002-10-24 15:10 UTC
EXPLOIT : remote

- - --------------------------------------------------------------------

Zope (www.zope.org) will reveal the complete physical location where the
server and its components are installed if it receives "incorrect" XML-RPC
requests.
In some cases it will also reveal information about the servers in the
protected LAN (10.x.x.x for example) on which the current server is relaying.

More information is available at
http://collector.zope.org/Zope/359

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/zope-2.5.1 and earlier update their systems
as follows:

emerge rsync
emerge zope
emerge clean

- - --------------------------------------------------------------------
aliz@g.o - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9uA3IfT7nyhUpoZMRAqJ2AJ4/0CLQWnONWq4k0l8myf2QQ4sk9ACgwbA3
4ZdPm20+wK0ElplUXwugB2Y=
=LyVt
-----END PGP SIGNATURE-----
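
An added example, not part of the advisory or of Zope's code: a Python check that an operator can run over XML-RPC responses captured from their own server, to flag faults that carry filesystem paths or private addresses (the two kinds of disclosure the advisory describes). The sample response, its path and address, and all function names are constructed for illustration; the advisory does not show the actual Zope fault text.

```python
import ipaddress
import re
import xml.parsers.expat
import xmlrpc.client

# Absolute Unix-style paths with at least two components, e.g. /usr/lib/x.py
PATH_RE = re.compile(r"(?<![\w.])/(?:[\w.+-]+/)+[\w.+-]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample fault; the path and address are made up for this example.
SAMPLE_FAULT = """<?xml version='1.0'?>
<methodResponse><fault><value><struct>
<member><name>faultCode</name><value><int>-1</int></value></member>
<member><name>faultString</name><value><string>Unexpected error: File /opt/example/lib/handler.py, line 10, upstream 10.1.2.3:8080</string></value></member>
</struct></value></fault></methodResponse>"""


def fault_text(response_xml):
    """Return the faultString of an XML-RPC fault response, or None."""
    try:
        xmlrpc.client.loads(response_xml)
    except xmlrpc.client.Fault as fault:
        return str(fault.faultString)
    except (xml.parsers.expat.ExpatError, xmlrpc.client.ResponseError):
        return None  # body is not a well-formed XML-RPC response
    return None  # normal (non-fault) response: nothing to inspect here


def find_leaks(response_xml):
    """List (kind, value) pairs for paths and private IPs found in a fault."""
    text = fault_text(response_xml)
    if text is None:
        return []
    leaks = [("path", p) for p in PATH_RE.findall(text)]
    for candidate in IPV4_RE.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # looks like dotted-quad but is not a valid address
        if addr.is_private:  # covers 10/8, 172.16/12, 192.168/16 and others
            leaks.append(("private-ip", candidate))
    return leaks


if __name__ == "__main__":
    for kind, value in find_leaks(SAMPLE_FAULT):
        print(f"{kind}: {value}")
```
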