Fwd: Re: [Ticket#2017092834000757] Bug#876462: otrs2: CVE-2017-14635: Code Injection / Privilege Escalation OTRS

Thu, 28 Sep 2017 03:56:34 -0700 

Uff, that is pretty much :/



-------- Weitergeleitete Nachricht --------
Betreff:        Re: [Ticket#2017092834000757] Bug#876462: otrs2:
CVE-2017-14635: Code Injection / Privilege Escalation OTRS
Datum:  Thu, 28 Sep 2017 10:15:49 +0000
Von:    Dusan Vuckovic via OTRS Security Team <secur...@otrs.org>
Organisation:   OTRS AG
An:     pmatth...@debian.org



Hello Patrick,

all related commits for OTRS 5 fix regarding this vulnerability are
listed below:

  * https://github.com/OTRS/otrs/commit/a4093dc404fcbd87b235b31c72913141672f2a85
  * https://github.com/OTRS/otrs/commit/00bcc89dc2443b5d8b34a0908e224373926aa618
  * https://github.com/OTRS/otrs/commit/b69c2533c951fa72bfe238f255ce76352f054897
  * https://github.com/OTRS/otrs/commit/b92ec17196ac3e1fdcab40fbb16dbb602d5d52b5

However, to avoid unwanted side effects, we recommend a complete update.

Let us know if you have any further questions.

28/09/2017 09:31 (+1) - Patrick Matthäi wrote:
Hello Martin and everyone else,

could you help here? Is this the correct commit for CVE-2017-14635?

-------- Weitergeleitete Nachricht --------

On Fri, 22 Sep 2017 16:31:00 +0200 Salvatore Bonaccorso
<car...@debian.org> wrote:
[...]
> Unfortunately the patches are not referenced, so must be researched in
> the repository.

I had a look at this issue. I have found

https://github.com/OTRS/otrs/commit/a4093dc404fcbd87b235b31c72913141672f2a8[..]
<https://github.com/OTRS/otrs/commit/a4093dc404fcbd87b235b31c72913141672f2a85>

which was introduced in version 5.0.23 that fixed the vulnerability. It
is the only commit that mentions the keywords agent and statistics but
I'm not sure if the commit is sufficient. I suggest to contact upstream
about this and ask for a clarification.

Regards,

Markus


 



Regards,

Dusan Vuckovic

-- 
OTRS AG
Zimmersmühlenweg 11
61440 Oberursel 
Germany
E: sa...@otrs.com <mailto:sa...@otrs.com>
I: http://www.otrs.com/

Business location: Oberursel, Country Court: Bad Homburg, HRB 10751, VAT
ID: DE256610065
Chairman: Burchard Steinbild, Managing Board: André Mindermann (CEO),
Christopher Kuhn, Sabine Riedel
 

*OTRS Business Solution™
5s – Organization. Security. Communication. Structure*. – Flexible
solutions for your company’s success <https://www.otrs.com/?utm_id=1036>

More information:
Solutions <https://www.otrs.com/products/?utm_id=1037> *|* Success
Stories
<https://www.otrs.com/customers/success-stories/?utm_id=1038> *|* Training
<https://www.otrs.com/public-otrs-trainings/?utm_id=1039>

 

 

Reply via email to