OTRS Race Condition Data Corruption Vulnerability Network Vulnerability

Summary

This host is installed with OTRS (Open Ticket Request System) and is prone to data corruption vulnerability.

Impact

Successful exploitation will allow remote authenticated users to corrupt data in TicketCounter.log file by creating tickets. Impact Level: Application

Solution

Upgrade to OTRS (Open Ticket Request System) version 2.4.8 or later, For updates refer to http://www.otrs.com/en/

Insight

An error exists in Race condition in the Kernel::System::Main::FileWrite method which allow user to corrupt the TicketCounter.log file

Affected

OTRS (Open Ticket Request System) version before 2.4.8

Detection

Get the installed version of OTRS with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/74100

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4765

CVSS	Base Score: 4.9 AV:N/AC:M/Au:S/C:N/I:P/A:P

Related Vulnerabilities

12Planet Chat Server one2planet.infolet.InfoServlet XSS
/doc directory browsable ?
Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
Apache CouchDB Cross Site Request Forgery Vulnerability
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities

Take action and discover your vulnerabilities