It was detected a vulnerability on the agent interface of the EriZone – OTRS system. The following is valid for all OTRS, Erizone 3.x and EriZone 5.x systems

The severity of this vulnerability has been categorized with “high”.

To guarantee the security of your system, we recommend to disable the Installer.pm module.
Modify the file /opt/erizone/otrs/Kernel/Config.pm and insert following lines:

# Security FIX # WP 31.05.2017
delete $Self->{'Frontend::Module'}->{Installer};

This lines has to be inserted directly after the following code block:

# ----------------------------------------------- #
# fs root directory
# ----------------------------------------------- #

$Self->{Home} = '/opt/otrs';

Further information regarding this topic can be found on http://www.cvedetails.com/cve/CVE-2014-9324/

 


 

Technical details:

  • Date: 2017-05-30
  • Title: Installer Routine Vulnerability
  • Severity: High
  • Product: OTRS 3.2.* EriZone 3.* and EriZone 5.*
  • References: CVE-2017-9324
Luca Franzoi

Luca Franzoi

Service & Support Engineer at Würth Phoenix
Luca Franzoi

Latest posts by Luca Franzoi (see all)

Tags: