[Information disclosure vulnerability in Zope.  Please upgrade to
2.5.1b2 or the next stable release -- Raju]

This is an RFC 1153 digest.
(1 message)
----------------------------------------------------------------------

Message-ID: <B978FD4A99D0BB449E96C502B7E3993B643927@MAIL>
From: Rossen Raykov <[EMAIL PROTECTED]>
To: "BugTraq (E-mail)" <[EMAIL PROTECTED]>
Subject: Insecure XML-RPC handling in Zope reveals the distribution physical location.
Date: Tue, 1 Oct 2002 09:57:27 -0400 

Zope versions before 2.5.1b2 do not correctly handle some XML-RPC requests.

1. Summary:

Zope (www.zope.org) will reveal the complete physical location where the
server and its components are installed if it receives "incorrect" XML-RPC
requests.
In some cases it will also reveal information about the servers in the
protected LAN (10.x.x.x for example) on which the current server is relying.


2. Details:

A request like the one quoted below will cause Zope to produce stack traces in
the response that reveal the information mentioned above.

See http://collector.zope.org/Zope/359 for more details.

Ironically, the quoted request was an example of how to use XML-RPC.

Note that starting Zope without the -D option won't stop the exposure.

telnet localhost 8080
POST /Documentation/comp_tut HTTP/1.0
Host: localhost
Content-Type: text/xml
Content-length: 93

<?xml version="1.0"?>
<methodCall>
<methodName>objectIds</methodName>
<params/>
</methodCall>


3. Vulnerable versions:
    Zope 2.3.2 - Yes (earlier versions were not tested)
    Zope 2.4.1 (Stable) - Yes
    Zope 2.5.0 (Stable) - Yes
    Zope 2.5.1 (Stable) - Yes
    Zope 2.5.1b2 (Development) - No
    Zope 2.6.0b1 (Development) - No


4. Solution:
    Upgrade to 2.6.0b1 (Development) if possible.


5. Vendor information

    Notification was sent to the vendor on March 22, 2002
    The issue was officially resolved on Aug 29, 2002 but only in v2.6.0.


Regards,
Rossen Raykov


---
Rossen Raykov
COGNICASE U.S.A. Inc.
(908) 860-1100 Ext. 1140
[EMAIL PROTECTED]
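As an added defensive check, not part of the advisory or of Zope itself: a small Python audit that parses an XML-RPC response and flags a fault whose faultString carries a Python traceback, source-file paths or RFC 1918 addresses, the kind of content a leaking response as described above would contain. The sample responses, the file path and the 10.0.0.5 address below are constructed for this example.

```python
import re
import xmlrpc.client

# Markers of a traceback or internal detail leaked into an XML-RPC fault string.
TRACEBACK_MARKER = "Traceback (most recent call last)"
# Absolute Unix or Windows path ending in a Python source file.
PATH_RE = re.compile(r'(?:/[\w.-]+){2,}\.py|[A-Za-z]:\\(?:[\w.-]+\\)+[\w.-]+\.py')
# RFC 1918 private address ranges.
PRIVATE_IP_RE = re.compile(
    r'\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}'
    r'|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}'
    r'|192\.168\.\d{1,3}\.\d{1,3})\b')


def fault_string(response_body: str):
    """Return the faultString of an XML-RPC fault response, or None for a normal result."""
    try:
        xmlrpc.client.loads(response_body)
    except xmlrpc.client.Fault as fault:
        return fault.faultString
    return None


def audit_response(response_body: str) -> dict:
    """Flag a fault response that exposes a traceback, source paths or private addresses."""
    text = fault_string(response_body)
    if text is None:
        return {"leak": False, "paths": [], "private_ips": [], "traceback": False}
    paths = sorted(set(PATH_RE.findall(text)))
    ips = sorted(set(PRIVATE_IP_RE.findall(text)))
    has_traceback = TRACEBACK_MARKER in text
    return {"leak": bool(paths or ips or has_traceback), "paths": paths,
            "private_ips": ips, "traceback": has_traceback}


# Constructed sample of a leaky fault (not captured from Zope); path and address are made up.
LEAKY_RESPONSE = xmlrpc.client.dumps(
    xmlrpc.client.Fault(-1, "Traceback (most recent call last):\n"
                            "  File \"/usr/local/zope/lib/python/ZPublisher/Publish.py\", "
                            "line 98, in publish\nAttributeError: objectIds\nHost: 10.0.0.5"),
    methodresponse=True)
# Constructed sample of a normal result that exposes nothing.
CLEAN_RESPONSE = xmlrpc.client.dumps((["index_html", "comp_tut"],), methodresponse=True)

if __name__ == "__main__":
    print(audit_response(LEAKY_RESPONSE))
    print(audit_response(CLEAN_RESPONSE))
```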

------------------------------

End of this Digest
******************

-- 
Raju Mathur               [EMAIL PROTECTED]      http://kandalaya.org/
                      It is the mind that moves

