
Fwd: Re: [Ticket#2017092834000757] Bug#876462: otrs2: CVE-2017-14635: Code Injection / Privilege Escalation OTRS

Uff, that is pretty much :/

-------- Forwarded Message --------
Subject: Re: [Ticket#2017092834000757] Bug#876462: otrs2: CVE-2017-14635: Code Injection / Privilege Escalation OTRS
Date: Thu, 28 Sep 2017 10:15:49 +0000
From: Dusan Vuckovic via OTRS Security Team <security@otrs.org>
Organization: OTRS AG
To: pmatthaei@debian.org

Hello Patrick,

all related commits for OTRS 5 fix regarding this vulnerability are listed below:
However, to avoid unwanted side effects, we recommend a complete update.

Let us know if you have any further questions.

28/09/2017 09:31 (+1) - Patrick Matthäi wrote:
Hello Martin and everyone else,

could you help here? Is this the correct commit for CVE-2017-14635?

-------- Forwarded Message --------

On Fri, 22 Sep 2017 16:31:00 +0200 Salvatore Bonaccorso
<carnil@debian.org> wrote:
> Unfortunately the patches are not referenced, so must be researched in
> the repository.

I had a look at this issue. I have found


which was introduced in version 5.0.23 that fixed the vulnerability. It
is the only commit that mentions the keywords agent and statistics but
I'm not sure if the commit is sufficient. I suggest to contact upstream
about this and ask for a clarification.





Dusan Vuckovic


Zimmersmühlenweg 11
61440 Oberursel 
E: sales@otrs.com
I: http://www.otrs.com/

Business location: Oberursel, Country Court: Bad Homburg, HRB 10751, VAT ID: DE256610065
Chairman: Burchard Steinbild, Managing Board: André Mindermann (CEO), Christopher Kuhn, Sabine Riedel

