EriZone – Security Advisory

Posted on Nov 27, 2017 in EriZone & OTRS, EriZone Security Advisories

A vulnerability has been detected in the agent interface of the EriZone – OTRS system. It affects all OTRS 3.3.x, EriZone 3.x and EriZone 5.x systems.

The vulnerability is a code injection in Kernel/System/Spelling.pm and is classified with a severity of 8.6 (high).

To guarantee the security of your system, we recommend applying the latest released patches.

For EriZone 5.2:

Via Admin >> Package Manager
Click on “Update repository information” and upgrade the packages strictly in the following sequence:

  • EriZoneCore
  • EriZoneTheme

 

For EriZone 3.6:

Via Admin >> Package Manager
Click on “Update repository information” and upgrade the package:

  • EriZoneCore

 

For both systems, after completing the procedure above, run the following commands from a console:

  • /opt/otrs/scripts/EriZone/erizone.global_makelink
  • /opt/otrs/scripts/EriZone/Permissions.sh
  • /opt/otrs/scripts/EriZone/RestartEriZone.sh

 

Further information regarding this topic can be found at https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/

The update on EriZone 5.2 will also fix some other theme bugs.

Technical details:

  • Date: 2017-11-21
  • Title: Remote code execution
  • Severity: 8.6 high
  • Product: OTRS 3.3.*, EriZone 3.* and EriZone 5.*
  • ID: OSA-2017-07

EriZone – Security Advisory

Posted on Sep 21, 2017 in EriZone & OTRS, EriZone Security Advisories

A vulnerability has been discovered in the agent interface of EriZone – OTRS systems. It affects all OTRS 3.3.*, EriZone 3.x and EriZone 5.x systems.

This vulnerability exploits a flaw in the agent-side statistics system and has been assigned a high severity.

To ensure the security of the system, we recommend applying the latest released patches.

For EriZone 5.2:

Via Admin >> Package Manager
Click on “Update repository information” and upgrade the packages in this exact order:

  • EriZoneCore
  • EriZoneServiceDeskEnhancement
  • EriZoneTheme

 

For EriZone 3.6:

Via Admin >> Package Manager
Click on “Update repository information” and upgrade the package:

  • EriZoneCore

 

For both systems, then connect to the machine via SSH and run the following commands:

  • /opt/otrs/scripts/EriZone/erizone.global_makelink
  • /opt/otrs/scripts/EriZone/Permissions.sh
  • /opt/otrs/scripts/EriZone/RestartEriZone.sh

 

For more information about this vulnerability, see the following link: https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/

The patches for EriZone 5.2 include two additional bug fixes.

Technical details:

  • Date: 2017-09-19
  • Title: Code Injection / Privilege Escalation OTRS
  • Severity: High
  • Product: OTRS 3.3.*, EriZone 3.* and EriZone 5.*
  • ID: OSA-2017-04