It was detected a vulnerability on the agent interface of the EriZone – OTRS system. The following is valid for all OTRS, Erizone 3.x and EriZone 5.x systems
The severity of this vulnerability has been categorized with “high”.
To guarantee the security of your system, we recommend to disable the Installer.pm module.
Modify the file /opt/erizone/otrs/Kernel/Config.pm and insert following lines:
# Security FIX # WP 31.05.2017
delete $Self->{'Frontend::Module'}->{Installer};
This lines has to be inserted directly after the following code block:
# ----------------------------------------------- #
# fs root directory
# ----------------------------------------------- #
$Self->{Home} = '/opt/otrs';
Further information regarding this topic can be found on http://www.cvedetails.com/cve/CVE-2014-9324/
Technical details:
- Date: 2017-05-30
- Title: Installer Routine Vulnerability
- Severity: High
- Product: OTRS 3.2.* EriZone 3.* and EriZone 5.*
- References: CVE-2017-9324
Luca Franzoi
Service & Support Engineer at Würth Phoenix
Author
Latest posts by Luca Franzoi
13. 03. 2020
Bug Fixes, Log Management, Log-SIEM, NetEye, Unified Monitoring
Bug discovered on NetEye module logmanagement and SIEM
10. 12. 2019
Downloads / Release Notes, ITOA, NetEye, Unified Monitoring
Grafana User Management Deprecation in NetEye 4.10