CVE-2006-3458 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2006-3458 Interim 1 5 2025-04-11T23:40:01Z current 2021-05-30T12:36:11Z 2025-04-11T23:40:01Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2006-3458 Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7VQ35PXB7NQYKGW343Q2ZLKZK4GZLZSG/#7VQ35PXB7NQYKGW343Q2ZLKZK4GZLZSG E-Mail link for SUSE-SR:2006:019 https://www.suse.com/support/security/rating/ SUSE Security Ratings Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files. CVE-2006-3458 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N