21. 09. 2017 Luca Franzoi Service Management

EriZone – Security Advisory

A vulnerability has been detected in the agent interface of the EriZone – OTRS system. It affects all OTRS 3.3.x, EriZone 3.x and EriZone 5.x systems.

The vulnerability is a flaw in the agent statistics module and has been classified as “high” risk.

To guarantee the security of your system, we recommend applying the latest released patches.

 
For EriZone 5.2:

Via Admin >> Package Manager
Click on “Update repository information” and upgrade the packages strictly in the following sequence:

  • EriZoneCore
  • EriZoneServiceDeskEnhancement
  • EriZoneTheme

For EriZone 3.6:

Via Admin >> Package Manager
Click on “Update repository information” and upgrade the package:

  • EriZoneCore

For both systems, after completing the procedure above, open a console and run the following commands:

  • /opt/otrs/scripts/EriZone/erizone.global_makelink
  • /opt/otrs/scripts/EriZone/Permissions.sh
  • /opt/otrs/scripts/EriZone/RestartEriZone.sh

Further information on this topic can be found at https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/

The update for EriZone 5.2 will also fix two more bugs.


Technical details:

  • Date: 2017-09-19
  • Title: Code Injection / Privilege Escalation OTRS
  • Severity: High
  • Product: OTRS 3.3.*, EriZone 3.* and EriZone 5.*
  • ID: OSA-2017-04

Luca Franzoi

Service & Support Engineer at Würth Phoenix
