It was detected a vulnerability on the agent interface of the EriZone – OTRS system. The following is valid for all OTRS, Erizone 3.x and EriZone 5.x systems
The severity of this vulnerability has been categorized with “high”.
To guarantee the security of your system, we recommend to disable the Installer.pm module.
Modify the file /opt/erizone/otrs/Kernel/Config.pm and insert following lines:
# Security FIX # WP 31.05.2017
delete $Self->{'Frontend::Module'}->{Installer};
This lines has to be inserted directly after the following code block:
# ----------------------------------------------- #
# fs root directory
# ----------------------------------------------- #
$Self->{Home} = '/opt/otrs';
Further information regarding this topic can be found on http://www.cvedetails.com/cve/CVE-2014-9324/
Technical details:
- Date: 2017-05-30
- Title: Installer Routine Vulnerability
- Severity: High
- Product: OTRS 3.2.* EriZone 3.* and EriZone 5.*
- References: CVE-2017-9324
Luca Franzoi
Service & Support Engineer at Würth Phoenix
Author
Latest posts by Luca Franzoi
05. 05. 2025
Unified Monitoring
How to Reduce Icinga 2 Log Verbosity, and Regularly Clean Them from Event Viewer
05. 02. 2025
AI, Uncategorized
Will AI Take Over the World?
13. 03. 2020
Bug Fixes, Log Management, Log-SIEM, NetEye, Unified Monitoring
Bug discovered on NetEye module logmanagement and SIEM