Il 29/09/2011 19:14, Fabrizio Rota ha scritto:
Mi ricorda tanto le scalate di privilegi delle altre volte........
Peggio, con questo esegui comandi come utente plone, come ad esempio
cancellare tutto il contenuto delle directory dell'utente plone (e
quindi l'istanza).
2011/9/29 Yuri <[email protected] <mailto:[email protected]>>
oh, no, ancora! :-D
-------- Messaggio originale --------
Oggetto: [Plone-Users] Security Announcement: Severe
Vulnerability - Patch Pre-Announcement
Data: Wed, 28 Sep 2011 13:54:49 -0700
Mittente: Steve McMahon <[email protected] <mailto:[email protected]>>
A: plone_users <[email protected]
<mailto:[email protected]>>, Plone Developers
<[email protected]
<mailto:[email protected]>>
During a security audit conducted by a member of the Plone
Security Team, a severe vulnerability was discovered in Zope
2.12.x and Zope 2.13.x that allows execution of arbitrary code by
anonymous users.
*
*The vulnerability affects Plone 4.0 (through 4.0.9); Plone 4.1;
Plone 4.2 (a1 and a2); Zope 2.12.x and Zope 2.13.x. It allows an
unauthenticated attacker to employ a carefully crafted web request
to execute arbitrary commands with the privileges of the
Zope/Plone service.
*A patch will be available 2011-10-04, at 15:00 UTC.*
Please carefully read h
<goog_188554871>ttp://plone.org/products/plone/security/advisories/20110928
<http://plone.org/products/plone/security/advisories/20110928> for
more details.
*General questions**about this announcement*, Plone patching
procedures, and availability of support may be addressed to
thePlone support forums <http://plone.org/support>. If you
have*specific questions*about this vulnerability or its handling,
contact thePlone Security Team <mailto:[email protected]
<mailto:[email protected]>>.
*To report potentially security-related issues**,*please send a
mail to the Plone Security Team [email protected]
<mailto:[email protected]> <mailto:[email protected]
<mailto:[email protected]>>. The security team is always happy to
credit individuals and companies who make responsible disclosures.
_______________________________________________
Plone-IT mailing list
[email protected] <mailto:[email protected]>
https://lists.plone.org/mailman/listinfo/plone-plone-it
http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html
--
Fabrizio
--------------------
"Life is what happens to you while you're busy making other plans" -
J. Lennon
“If you think education is expensive, try ignorance” - D. Bok
Life is like a game of cards. The hand you are dealt is determinism;
the way you play it is free will - Jawaharlal Nehru
_______________________________________________
Plone-IT mailing list
[email protected]
https://lists.plone.org/mailman/listinfo/plone-plone-it
http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html
_______________________________________________
Plone-IT mailing list
[email protected]
https://lists.plone.org/mailman/listinfo/plone-plone-it
http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html
