Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 359777 (CVE-2011-0456) - <www-apps/otrs-3.0.10: arbitrary command execution flaw (CVE-2011-0456)
Summary: <www-apps/otrs-3.0.10: arbitrary command execution flaw (CVE-2011-0456)
Alias: CVE-2011-0456
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~1? [noglsa]
Depends on:
Reported: 2011-03-21 14:11 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2011-08-19 15:34 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-21 14:11:21 UTC
Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote
attackers to execute arbitrary commands via unspecified vectors,
related to a "command injection vulnerability.

There is a patch posted, see
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-08-19 15:34:36 UTC
Fixed software added and vulnerable versions removed by Patrick Lauer via bug 379855. Closing noglsa for ~arch package.