OTRS Security Advisory 2010-01


--------------------------------------------------------------------------------
 OTRS Security Advisory 2010-01                           <security@otrs.org>
--------------------------------------------------------------------------------
 ID:         OSA-2010-01
 Date:       2010-02-08
 Title:      Vulnerability in OTRS-Core allows SQL-Injection
 Severity:   Critical
 Product:    OTRS 2.4.x, OTRS 2.3.x, OTRS 2.2.x, OTRS 2.1.x
 Fixed in:   OTRS 2.4.7, OTRS 2.3.5, OTRS 2.2.9, OTRS 2.1.9
 URL:        http://otrs.org/advisory/OSA-2010-01-en/
 CVE:        CVE-2010-0438
--------------------------------------------------------------------------------

This Advisory covers a vulnerability discovered in the OTRS core system.

SQL Injection

  Missing security quoting in SQL statements allows agents and customers to
  manipulate SQL queries: authenticated users can inject SQL into statements
  by manipulating the strings that are interpolated into them.

  A malicious user may be able to manipulate SQL queries to read or modify
  records in the database. This could also be used to obtain additional
  permissions (e.g. administrator permissions).

  To exploit this vulnerability the malicious user needs to have a valid
  agent or customer session.
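  The defect class the advisory describes, shown as an added Python/sqlite3
  example (not code from OTRS or from Kernel/System/Ticket.pm): a ticket
  lookup that pastes the caller's input into the SQL text, beside the same
  lookup with bound parameters, which is the equivalent of the "security
  quoting" the fix adds. The table, column names and rows are constructed.

```python
import sqlite3

# Constructed sample data standing in for a ticket table (not the OTRS schema).
SAMPLE_TICKETS = [
    (1, "customer-a", "Printer broken"),
    (2, "customer-a", "VPN access"),
    (3, "customer-b", "Payroll export"),
    (4, "admin", "Root credential rotation"),
]


def build_db():
    """In-memory database populated with the constructed sample tickets."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ticket (id INTEGER, customer_id TEXT, title TEXT)")
    conn.executemany("INSERT INTO ticket VALUES (?, ?, ?)", SAMPLE_TICKETS)
    return conn


def search_unquoted(conn, customer_id, title):
    # Vulnerable pattern: the session's customer_id and the user-supplied title
    # are interpolated into the SQL text without quoting, so a quote character
    # in the title changes the statement's structure and escapes the
    # customer_id scope that the session was supposed to enforce.
    sql = "SELECT id FROM ticket WHERE customer_id = '%s' AND title = '%s'" % (
        customer_id,
        title,
    )
    return [row[0] for row in conn.execute(sql)]


def search_bound(conn, customer_id, title):
    # Hardened pattern: the SQL text is fixed and both values travel as bind
    # parameters, so the title is always treated as data, never as SQL.
    sql = "SELECT id FROM ticket WHERE customer_id = ? AND title = ?"
    return [row[0] for row in conn.execute(sql, (customer_id, title))]
```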

Affected by this vulnerability are all releases of OTRS 2.1.x up
to and including 2.4.6.

This vulnerability is fixed in OTRS 2.1.9, OTRS 2.2.9, OTRS 2.3.5
and OTRS 2.4.7.

Fixed OTRS releases can be found at:

 o http://otrs.org/releases/

As a workaround, it is also possible to replace the file Kernel/System/Ticket.pm
with a fixed version of that file. The fixed revisions are:

 o OTRS 2.1.x: v1.233.2.3
 o OTRS 2.2.x: v1.275.2.19
 o OTRS 2.3.x: v1.346.2.9
 o OTRS 2.4.x: v1.416.2.10

(http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log).

Please send information regarding vulnerabilities in OTRS to
security@otrs.org.

Many thanks to CESICAT (http://www.cesicat.cat/) for discovering this
vulnerability.

Copyright (c) OTRS AG, <http://otrs.org/>