31. 05. 2017 Luca Franzoi Service Management

EriZone – Sicherheitshinweis

Auf dem Agent-Interface der EriZone – OTRS Systeme wurde eine Sicherheitslücke entdeckt. Nachfolgendes gilt für alle OTRS Systeme, sowie EriZone 3.x und EriZone 5.x

Der Vulnerabilität wurde Wichtigkeit “hoch” zugewiesen.

Um die Sicherheit Ihres Systems zu garantieren, empfehlen wir Ihnen das Installer.pm Modul zu deaktivieren.
Ändern Sie dafür das File /opt/erizone/otrs/Kernel/Config.pm und fügen Sie folgende Zeilen ein:

# Security FIX # WP 31.05.2017
delete $Self->{'Frontend::Module'}->{Installer};

Diese Zeilen werden direkt nach dem folgenden Code-Block eingefügt:

# ----------------------------------------------- #
# fs root directory
# ----------------------------------------------- #

$Self->{Home} = '/opt/otrs';

Weitere Informationen zu diesem Thema finden Sie unter http://www.cvedetails.com/cve/CVE-2014-9324/

Technische Details:

  • Date: 2017-05-30
  • Title: Installer Routine Vulnerability
  • Severity: High
  • Product: OTRS 3.2.* EriZone 3.* and EriZone 5.*
  • References: CVE-2017-9324
Luca Franzoi

Luca Franzoi

Service & Support Engineer at Würth Phoenix

Author

Luca Franzoi

Latest posts by Luca Franzoi

05. 05. 2025 Unified Monitoring
How to Reduce Icinga 2 Log Verbosity, and Regularly Clean Them from Event Viewer
05. 02. 2025 AI
Will AI Take Over the World?
14. 12. 2021 Bug Fixes, NetEye
NetEye 3 Logstash and Elasticsearch – Security Advisory
13. 03. 2020 Bug Fixes, Log Management, Log-SIEM, NetEye, Unified Monitoring
Bug discovered on NetEye module logmanagement and SIEM
14. 01. 2020 NetEye, Unified Monitoring
Using Nmap as an Import Source for NetEye 4
See All

Related Content

Tags: , ,

23. 10. 2025 Bug Fixes, NetEye

NetEye 4 – Security Advisory (Icinga 2)

Important: Icinga2 security update Type/Severity NetEye Product Security has rated this update as having a High security impact. Topic An update for the icinga2 packages is now available for NetEye 4. Security Fix for NetEye 4.44 2.15.1_neteye1.61.3-1 CVEs CVE-2025-61907: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N CVE-2025-61908: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-61909: Read More
08. 10. 2025 Bug Fixes, NetEye

NetEye 4 – Security Advisory (Elastic Stack)

Important: Elastic Stack security update Type/Severity NetEye Product Security has rated this update as having a High security impact. Topic An update for the elasticsearch and kibana packages is now available for NetEye 4. Security Fix for NetEye 4.44 9.0.8_neteye3.85.1-1 CVEs CVE-2025-25009: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N Read More
02. 09. 2025 Bug Fixes, NetEye

NetEye 4 – Security Advisory (SIEM)

Important: Elastic Stack security update (installed with SIEM) Type/Severity NetEye Product Security has rated this update as having a High security impact. Topic An update for the elasticsearch package is now available for NetEye 4. Security Fix for NetEye 4.43 8.18.6_neteye3.81.9-1 CVE-2025-54988 (Apache Read More
07. 07. 2025 Bug Fixes, NetEye

NetEye Security Advisory

Important: Elastic Stack security update (installed with SIEM) Type/Severity NetEye Product Security has rated this update as having a Critical security impact. Topic An update for the kibana package is now available for NetEye 4. Security Fix for NetEye 4.41 8.18.3_neteye3.79.1-1 CVSSv3.1: 9.9 Read More
14. 05. 2025 Bug Fixes, NetEye

NetEye Security Advisory

Important: Elastic Stack security update (installed with SIEM) Type/Severity NetEye Product Security has rated this update as having a Critical security impact. Topic An update for the kibana package is now available for NetEye 4. Security Fix for NetEye 4.41 8.17.6_neteye3.74.6-1 CVSSv3.1: 9.1(Critical) Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive