31. 05. 2017 Luca Franzoi Service Management

EriZone – Sicherheitshinweis

Auf dem Agent-Interface der EriZone – OTRS Systeme wurde eine Sicherheitslücke entdeckt. Nachfolgendes gilt für alle OTRS Systeme, sowie EriZone 3.x und EriZone 5.x

Der Vulnerabilität wurde Wichtigkeit “hoch” zugewiesen.

Um die Sicherheit Ihres Systems zu garantieren, empfehlen wir Ihnen das Installer.pm Modul zu deaktivieren.
Ändern Sie dafür das File /opt/erizone/otrs/Kernel/Config.pm und fügen Sie folgende Zeilen ein:

# Security FIX # WP 31.05.2017
delete $Self->{'Frontend::Module'}->{Installer};

Diese Zeilen werden direkt nach dem folgenden Code-Block eingefügt:

# ----------------------------------------------- #
# fs root directory
# ----------------------------------------------- #

$Self->{Home} = '/opt/otrs';

Weitere Informationen zu diesem Thema finden Sie unter http://www.cvedetails.com/cve/CVE-2014-9324/

Technische Details:

  • Date: 2017-05-30
  • Title: Installer Routine Vulnerability
  • Severity: High
  • Product: OTRS 3.2.* EriZone 3.* and EriZone 5.*
  • References: CVE-2017-9324
Luca Franzoi

Luca Franzoi

Service & Support Engineer at Würth IT Italy

Author

Luca Franzoi

Latest posts by Luca Franzoi

03. 12. 2025 Front-end, Icinga Web 2, UX
Introducing a New Monitoring Interface: A Fresh, Flexible Experience
05. 05. 2025 Unified Monitoring
How to Reduce Icinga 2 Log Verbosity, and Regularly Clean Them from Event Viewer
05. 02. 2025 AI
Will AI Take Over the World?
14. 12. 2021 Bug Fixes, NetEye
NetEye 3 Logstash and Elasticsearch – Security Advisory
13. 03. 2020 Bug Fixes, Log Management, Log-SIEM, NetEye, Unified Monitoring
Bug discovered on NetEye module logmanagement and SIEM
See All

Related Content

Tags: , ,

30. 04. 2026 Bug Fixes, NetEye

NetEye 4 – Security Advisory (GLPI)

Important: GLPI security update Type/Severity NetEye Product Security has rated this update as having a high security impact. Topic An update for the glpi packages is now available for NetEye 4. Security Fix for NetEye 4.47 10.0.25_neteye1.18.0-1 Summary The vulnerabilities include two Stored Read More
13. 04. 2026 Bug Fixes, NetEye

NetEye 4 – Security Advisory (Elastic Stack)

Important: Elastic Stack security update Type/Severity NetEye Product Security has rated this update as having a high security impact. Topic An update for the elastic stack packages are now available for NetEye 4, with a special focus on Kibana and Logstash. Security Fix Read More
01. 04. 2026 Bug Fixes, NetEye

NetEye 4 – Security Advisory (Grafana)

Important: Grafana security update Type/Severity NetEye Product Security has rated this update as having a high security impact. Topic An update for the grafana packages is now available for NetEye 4. Security Fix for NetEye 4.46 grafana-12.4.2_neteye3.29.2-1 Summary There are several patched vulnerabilities. Read More
05. 03. 2026 Bug Fixes, NetEye

NetEye 4 – Security Advisory (GLPI)

Important: GLPI security update Type/Severity NetEye Product Security has rated this update as having a high security impact. Topic An update for the glpi packages is now available for NetEye 4. Security Fix for NetEye 4.46 10.0.24_neteye1.17.5-1 Summary The vulnerability is about a Read More
04. 03. 2026 Bug Fixes, NetEye

NetEye 4 – Security Advisory (Lampo)

Important: Lampo security update Type/Severity NetEye Product Security has rated this update as having a medium security impact. Topic An update for the lampod packages is now available for NetEye 4. Security Fix for NetEye 4.46 1.1.3-1 Summary The vulnerability is about sensitive Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive