31. 05. 2017 Luca Franzoi Service Management

EriZone – Sicherheitshinweis

Auf dem Agent-Interface der EriZone – OTRS Systeme wurde eine Sicherheitslücke entdeckt. Nachfolgendes gilt für alle OTRS Systeme, sowie EriZone 3.x und EriZone 5.x

Der Vulnerabilität wurde Wichtigkeit “hoch” zugewiesen.

Um die Sicherheit Ihres Systems zu garantieren, empfehlen wir Ihnen das Installer.pm Modul zu deaktivieren.
Ändern Sie dafür das File /opt/erizone/otrs/Kernel/Config.pm und fügen Sie folgende Zeilen ein:

# Security FIX # WP 31.05.2017
delete $Self->{'Frontend::Module'}->{Installer};

Diese Zeilen werden direkt nach dem folgenden Code-Block eingefügt:

# ----------------------------------------------- #
# fs root directory
# ----------------------------------------------- #

$Self->{Home} = '/opt/otrs';

Weitere Informationen zu diesem Thema finden Sie unter http://www.cvedetails.com/cve/CVE-2014-9324/

Technische Details:

  • Date: 2017-05-30
  • Title: Installer Routine Vulnerability
  • Severity: High
  • Product: OTRS 3.2.* EriZone 3.* and EriZone 5.*
  • References: CVE-2017-9324

Luca Franzoi

Luca Franzoi

Service & Support Engineer at Würth Phoenix

Author

Luca Franzoi

Latest posts by Luca Franzoi

13. 03. 2020 Bug Fixes, Log Management, Log-SIEM, NetEye, Unified Monitoring
Bug discovered on NetEye module logmanagement and SIEM
14. 01. 2020 NetEye, Unified Monitoring
Using Nmap as an Import Source for NetEye 4
10. 12. 2019 Downloads / Release Notes, ITOA, NetEye, Unified Monitoring
Grafana User Management Deprecation in NetEye 4.10
03. 09. 2019 Bug Fixes, NetEye
Security Fix for NetEye 3.17
27. 11. 2017 Service Management
EriZone – Security Advisory
See All

Related Content

Tags: ,

09. 03. 2021 Contribution, NetEye, Unified Monitoring

NeDi 1.9 security advisory

Synopsis Critical: NeDi security update Type/Severity Security Advisory: Critical Topic An update for NeDi is now available for NetEye. NetEye Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base Read More
11. 01. 2021 Downloads / Release Notes, Service Management

EriZone 5.9 Release Notes

Welcome to the latest version of our Service Management solution EriZone version 5.9. Product: EriZoneRelease Number: 5.9Release Date: January 7, 2021Release Type: MinorPrevious Release: 5.8 These release notes for EriZone 5.9 describe changes and improvements, and provide information on how to upgrade. Read More
17. 12. 2020 Cloud, Unified Monitoring

EriZone/OTRS: Single Sign On with (Multiple) AzureAD Using Shibboleth

More and more enterprises rely on Microsoft Azure Active Directory as a company-wide identity provider for Office365, Teams, Sharepoint and other Microsoft and various non-Microsoft services. It provides Single Sign-On (SSO), so when opening any of these applications, if an Read More
17. 09. 2020 Unified Monitoring

EriZone: CentOS 6 EOL: Plan Your Migration to CentOS 7 Now!

Dear EriZone customers! Some of your EriZone VMs are still working on CentOS 6, which will reach its End of Life on November 30th, 2020. This means that no new security or bugfix updates will be released after this date. Read More
18. 08. 2020 Bug Fixes, NetEye

NetEye 4 – Security Advisory

Synopsis Critical: Icinga Web 2 security update Type/Severity Security Advisory: Critical Topic An update for Icinga Web 2 is now available for NetEye 4.12 and 4.13. NetEye Product Security has rated this update as having a security impact of Critical. Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal
net.support@wuerth-phoenix.com

Subscribe to Feed

Article     Comments
Insert your E-Mail address:

Archive