359777 – (CVE-2011-0456) <www-apps/otrs-3.0.10: arbitrary command execution flaw (CVE-2011-0456)

Bug 359777 (CVE-2011-0456) - <www-apps/otrs-3.0.10: arbitrary command execution flaw (CVE-2011-0456)

Summary: <www-apps/otrs-3.0.10: arbitrary command execution flaw (CVE-2011-0456)

Status:	RESOLVED FIXED

Alias:	CVE-2011-0456

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~1? [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2011-03-21 14:11 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified:	2011-08-19 15:34 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev

2011-03-21 14:11:21 UTC

Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote
attackers to execute arbitrary commands via unspecified vectors,
related to a "command injection vulnerability.

There is a patch posted, see https://bugzilla.redhat.com/show_bug.cgi?id=688727

Comment 1 Tim Sammut (RETIRED) gentoo-dev

2011-08-19 15:34:36 UTC

Fixed software added and vulnerable versions removed by Patrick Lauer via bug 379855. Closing noglsa for ~arch package.