SB2011031802 - Multiple vulnerabilities in OTRS

Published: March 18, 2011 Updated: August 11, 2020

Security Bulletin ID: SB2011031802
Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium 50% Low 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2008-7276)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value.
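The root cause above is a number-base mistake: in Perl (as in C) a literal 0700 is octal, but the same digits written without the leading zero, or arriving as a string that is then numified, mean decimal 700, which is octal 01274 (sticky bit, owner -w-, group rwx, other r--). The following Python script is an added illustration, not OTRS code, that creates a directory both ways and reports what permission bits actually land on disk, together with a small audit check a defender can run against an existing temp directory. Names (BUG_MODE, create_dir, audit_dir_owner_only) are this example's own.

```python
from __future__ import annotations

import os
import stat
import tempfile

# Decimal 700 is what a mode of 0700 becomes when the leading zero is lost
# (or the value is parsed from a string as base 10). 0o700 is owner-only rwx.
BUG_MODE = 700      # == 0o1274: sticky, owner -w-, group rwx, other r--
FIXED_MODE = 0o700  # owner rwx, nothing for group/other


def explain_mode(mode: int) -> str:
    """Render a permission value as octal plus the ls-style rwx string."""
    return f"{oct(mode)} ({stat.filemode(stat.S_IFDIR | mode)})"


def is_owner_only(mode: int) -> bool:
    """True when no group or other permission bits are set."""
    return mode & 0o077 == 0


def create_dir(base: str, name: str, mode: int) -> int:
    """Create base/name with the requested mode and return the permission
    bits the filesystem actually applied. The umask is suppressed so the
    result reflects the requested value, not the caller's environment."""
    path = os.path.join(base, name)
    old_umask = os.umask(0)
    try:
        os.mkdir(path, mode)
    finally:
        os.umask(old_umask)
    return stat.S_IMODE(os.stat(path).st_mode)


def audit_dir_owner_only(path: str) -> bool:
    """Defender's check for an existing directory (e.g. an application's
    /tmp scratch dir): does it expose anything to group or other?"""
    return is_owner_only(stat.S_IMODE(os.stat(path).st_mode))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for label, mode in (("decimal-700", BUG_MODE), ("octal-0700", FIXED_MODE)):
            on_disk = create_dir(base, label, mode)
            print(f"{label}: requested {explain_mode(mode)} -> on disk "
                  f"{explain_mode(on_disk)}, owner-only={is_owner_only(on_disk)}")
```

Running it shows the decimal variant producing a world-readable, group-writable directory while the octal variant is owner-only; the same audit_dir_owner_only check is what you would point at a deployed application's temp directory to confirm the fix took effect.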


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2008-7277)

The vulnerability allows a remote authenticated user to read and manipulate data.

Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets.
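The flaw is an authorization check that tests a hard-coded permission instead of the one the administrator configured for the action. The Python model below is an added example, not OTRS code: the permission names, the MergeConfig class and the user sets are constructed for illustration (the bulletin only says "the configured merge permission", so the config field name is hypothetical). It places the described pre-fix check beside the corrected one, requires the check to hold on both tickets involved in a merge, and includes a small detection helper that lists users the old check would over-privilege.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Dict, List, Set

# Constructed per-queue permission sets for three hypothetical agents.
AGENT_RW_ONLY: Set[str] = {"ro", "rw"}            # may edit, never granted merge
AGENT_MERGE: Set[str] = {"ro", "rw", "merge"}     # explicitly granted merge
AGENT_READ_ONLY: Set[str] = {"ro"}


@dataclass(frozen=True)
class MergeConfig:
    # Hypothetical setting standing in for "the configured merge permission".
    required_permission: str = "merge"


def may_merge_vulnerable(perms: Set[str], cfg: MergeConfig) -> bool:
    """Behaviour the bulletin describes for OTRS before 2.3.0-beta4:
    the configured permission is ignored and 'rw' is tested instead."""
    return "rw" in perms


def may_merge_fixed(perms: Set[str], cfg: MergeConfig) -> bool:
    """Corrected check: consult the permission configured for merge."""
    return cfg.required_permission in perms


def authorize_merge(
    src_perms: Set[str],
    dst_perms: Set[str],
    cfg: MergeConfig,
    check: Callable[[Set[str], MergeConfig], bool] = may_merge_fixed,
) -> bool:
    """A merge modifies both tickets, so the check must pass for both."""
    return check(src_perms, cfg) and check(dst_perms, cfg)


def find_overreach(users: Dict[str, Set[str]], cfg: MergeConfig) -> List[str]:
    """Detection aid: users the vulnerable check lets merge although the
    configured policy does not grant them the merge permission."""
    return sorted(
        name for name, perms in users.items()
        if may_merge_vulnerable(perms, cfg) and not may_merge_fixed(perms, cfg)
    )


if __name__ == "__main__":
    cfg = MergeConfig()
    users = {"alice": AGENT_RW_ONLY, "bob": AGENT_MERGE, "carol": AGENT_READ_ONLY}
    print("over-privileged by the rw check:", find_overreach(users, cfg))
    print("alice merges into bob's ticket (fixed):",
          authorize_merge(AGENT_RW_ONLY, AGENT_MERGE, cfg))
    print("alice merges into bob's ticket (vulnerable):",
          authorize_merge(AGENT_RW_ONLY, AGENT_MERGE, cfg, check=may_merge_vulnerable))
```

The design point is that the permission name is a parameter of the check, never a literal inside it; the find_overreach pass is the kind of comparison an administrator would run against real role assignments to see who gained merge capability through the rw shortcut before the update.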


Remediation

Install the update from the vendor's website.