31. 05. 2017 Luca Franzoi Service Management

EriZone – Security Advise

It was detected a vulnerability on the agent interface of the EriZone – OTRS system. The following is valid for all OTRS, Erizone 3.x and EriZone 5.x systems

The severity of this vulnerability has been categorized with “high”.

To guarantee the security of your system, we recommend to disable the Installer.pm module.
Modify the file /opt/erizone/otrs/Kernel/Config.pm and insert following lines:

# Security FIX # WP 31.05.2017
delete $Self->{'Frontend::Module'}->{Installer};

This lines has to be inserted directly after the following code block:

# ----------------------------------------------- #
# fs root directory
# ----------------------------------------------- #

$Self->{Home} = '/opt/otrs';

Further information regarding this topic can be found on http://www.cvedetails.com/cve/CVE-2014-9324/

Technical details:

  • Date: 2017-05-30
  • Title: Installer Routine Vulnerability
  • Severity: High
  • Product: OTRS 3.2.* EriZone 3.* and EriZone 5.*
  • References: CVE-2017-9324
Luca Franzoi

Luca Franzoi

Service & Support Engineer at Würth Phoenix

Author

Luca Franzoi

Latest posts by Luca Franzoi

14. 12. 2021 Bug Fixes, NetEye
NetEye 3 Logstash and Elasticsearch – Security Advisory
13. 03. 2020 Bug Fixes, Log Management, Log-SIEM, NetEye, Unified Monitoring
Bug discovered on NetEye module logmanagement and SIEM
14. 01. 2020 NetEye, Unified Monitoring
Using Nmap as an Import Source for NetEye 4
10. 12. 2019 Downloads / Release Notes, ITOA, NetEye, Unified Monitoring
Grafana User Management Deprecation in NetEye 4.10
03. 09. 2019 Bug Fixes, NetEye
Security Fix for NetEye 3.17
See All

Related Content

Tags:

14. 11. 2024 Bug Fixes

NetEye 4 – Security Advisory

Synopsis Important: Icinga2 security update Type/Severity Security Advisory: Critical Topic An update for the package icinga2 is now available for NetEye 4. NetEye Product Security has rated this update as having a security impact of Critical. Common Vulnerability Scoring System Read More
12. 11. 2024 Bug Fixes

NetEye 4 – Security Advisory

Synopsis Important: GLPI security update Type/Severity Security Advisory: Critical Topic An update for the package glpi is now available for NetEye 4. NetEye Product Security has rated this update as having a security impact of Critical. Common Vulnerability Scoring System Read More
30. 04. 2024 Bug Fixes

NetEye 4 – Security Advisory

Synopsis Important: GLPI security update Type/Severity Security Advisory: High Topic An update for the package glpi is now available for NetEye 4. NetEye Product Security has rated this update as having a security impact of High. Common Vulnerability Scoring System Read More
04. 04. 2024 Bug Fixes

Important GLPI Agent 1.7.3 Security Advisory

Type/Severity Security Advisory: High Topic There is a security update for GLPI Agent Description This version specifically fixes 2 critical security issues related to MSI packaging on Windows: CVE-2024-28240: A local user could modify the GLPI Agent configuration to gain Read More
01. 08. 2023 Bug Fixes, NetEye

NetEye 4 – Security Advisory

Synopsis Important: GLPI security update Type/Severity Security Advisory: Important Topic An update for the package glpi is now available for NetEye 4. NetEye Product Security has rated this update as having a security impact of Important. Common Vulnerability Scoring System Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive