Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 359777 (CVE-2011-0456)

Summary: <www-apps/otrs-3.0.10: arbitrary command execution flaw (CVE-2011-0456)
Product: Gentoo Security Reporter: Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: alexanderyt, jesse, web-apps
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~1? [noglsa]
Package list:
Runtime testing required: ---

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-21 14:11:21 UTC 
Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote
attackers to execute arbitrary commands via unspecified vectors,
related to a "command injection vulnerability.

There is a patch posted, see https://bugzilla.redhat.com/show_bug.cgi?id=688727
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-08-19 15:34:36 UTC 
Fixed software added and vulnerable versions removed by Patrick Lauer via bug 379855. Closing noglsa for ~arch package.