OTRS /tmp/ Directory Restriction Bypass Vulnerability Network Vulnerability

Summary

This host is installed with OTRS (Open Ticket Request System) and is prone to restriction bypass vulnerability.

Impact

Successful exploitation will allow local users to bypass intended access restrictions via standard filesystem operations. Impact Level: Application/System

Solution

Upgrade to OTRS (Open Ticket Request System) version 2.3.2 or later, For updates refer to http://www.otrs.com/en/

Insight

An error exists in Kernel/System/Web/Request.pm which creates a directory under /tmp/ with 1274 permissions

Affected

OTRS (Open Ticket Request System) version before 2.3.2

Detection

Get the installed version of OTRS with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/74023

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7276

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
@Mail WebMail Email Body HTML Injection Vulnerability
Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
Apache Archiva Cross Site Request Forgery Vulnerability

Take action and discover your vulnerabilities