31. 05. 2017 Luca Franzoi Service Management

EriZone – Avviso di sicurezza

È stata scoperta una vulnerabilità nell’interfaccia agente dei sistemi EriZone – OTRS che coinvolge tutti i sistemi OTRS, Erizone 3.x e Erizone 5.x.

A tale vulnerabilità è stata assegnata una criticità di livello alto.

Al fine di garantire la sicurezza del sistema è consigliabile de-registrare il modulo Installer.pm.
Per farlo sarà sufficiente editare il file /opt/erizone/otrs/Kernel/Config.pm ed inserire le seguenti righe:

# Security FIX # WP 31.05.2017
delete $Self->{'Frontend::Module'}->{Installer};

Le righe in questione vanno inserite immediatamente sotto il seguente blocco di codice:

# ---------------------------------------------- #
# fs root directory
# ---------------------------------------------- #

$Self->{Home} = '/opt/otrs';

Per maggiori informazioni riguardo la vulnerabilità in oggetto è possibile consultare il seguente link:

http://www.cvedetails.com/cve/CVE-2014-9324/

Dettagli tecnici inerenti la vulnerabilità:

  • Date: 2017-05-30
  • Title: Installer Routine Vulnerability
  • Severity: High
  • Product: OTRS 3.2.* EriZone 3.* and EriZone 5.*
  • References: CVE-2017-9324

Luca Franzoi

Luca Franzoi

Service & Support Engineer at Würth Phoenix

Author

Luca Franzoi

Latest posts by Luca Franzoi

13. 03. 2020 Bug Fixes, Log Management, Log-SIEM, NetEye, Unified Monitoring
Bug discovered on NetEye module logmanagement and SIEM
14. 01. 2020 NetEye, Unified Monitoring
Using Nmap as an Import Source for NetEye 4
10. 12. 2019 Downloads / Release Notes, ITOA, NetEye, Unified Monitoring
Grafana User Management Deprecation in NetEye 4.10
03. 09. 2019 Bug Fixes, NetEye
Security Fix for NetEye 3.17
27. 11. 2017 Service Management
EriZone – Security Advisory
See All

Related Content

Tags:

09. 03. 2021 Contribution, NetEye, Unified Monitoring

NeDi 1.9 security advisory

Synopsis Critical: NeDi security update Type/Severity Security Advisory: Critical Topic An update for NeDi is now available for NetEye. NetEye Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base Read More
18. 08. 2020 Bug Fixes, NetEye

NetEye 4 – Security Advisory

Synopsis Critical: Icinga Web 2 security update Type/Severity Security Advisory: Critical Topic An update for Icinga Web 2 is now available for NetEye 4.12 and 4.13. NetEye Product Security has rated this update as having a security impact of Critical. Read More
03. 09. 2019 Bug Fixes, NetEye

Security Fix for NetEye 3.17

A vulnerability has been detected on the Nagios web interface. Attackers may exploit this vulnerability to gain access to sensitive information or crash the affected application, denying service to legitimate users. To guarantee the security of your system, we recommend Read More
07. 08. 2018 Downloads / Release Notes, Service Management

EriZone – Security Advisory

A vulnerability has been detected on EriZone - OTRS systems. This vulnerability is classified with a severity of 7.2 (high). Further information regarding this topic can be found at https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/ To guarantee the security of your system, we recommend applying last Read More
27. 11. 2017 Service Management

EriZone – Security Advisory

A vulnerability has been detected on the agent interface of the EriZone – OTRS system. The following is valid for all OTRS 3.3.x, Erizone 3.x and EriZone 5.x systems. This vulnerability takes advantage of a Code injection in Kernel/System/Spelling.pm and Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal
net.support@wuerth-phoenix.com

Subscribe to Feed

Article     Comments
Insert your E-Mail address:

Archive