14. 11. 2024
Bug Fixes
A vulnerability has been detected on the agent interface of the EriZone – OTRS system. The following is valid for all OTRS 3.3.x, Erizone 3.x and EriZone 5.x systems.
This vulnerability takes advantage of a Code injection in Kernel/System/Spelling.pm and is classified with a severity of 8.6 (high).
To guarantee the security of your system, we recommend applying last released patches.
For EriZone 5.2:
Via Admin >> Package Manager
Click on “Update repository information” and upgrade the packages strictly in the following sequence:
- EriZoneCore
- EriZoneTheme
For EriZone 3.6:
Via Admin >> Package Manager
Click on “Update repository information” and upgrade package:
- EriZoneCore
For both systems, after previous procedure use a console to launch following commands:
- /opt/otrs/scripts/EriZone/erizone.global_makelink
- /opt/otrs/scripts/EriZone/Permissions.sh
- /opt/otrs/scripts/EriZone/RestartEriZone.sh
Further information regarding this topic can be found on https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/
The update on Erizone 5.2 will also fix some other theme bugs.
Technical details:
- Date: 2017-11-21
- Title: Remote code execution
- Severity: 8.6 high
- Product: OTRS 3.3.*, EriZone 3.* and EriZone 5.*
- ID: OSA-2017-07
Luca Franzoi
Service & Support Engineer at Würth Phoenix
Author
Latest posts by Luca Franzoi
13. 03. 2020
Bug Fixes, Log Management, Log-SIEM, NetEye, Unified Monitoring
Bug discovered on NetEye module logmanagement and SIEM
10. 12. 2019
Downloads / Release Notes, ITOA, NetEye, Unified Monitoring
Grafana User Management Deprecation in NetEye 4.10