Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 471096 (CVE-2013-3551) - <www-apps/otrs-3.2.7: Ticket Split Mechanism Vulnerability (CVE-2013-3551)
Summary: <www-apps/otrs-3.2.7: Ticket Split Mechanism Vulnerability (CVE-2013-3551)
Alias: CVE-2013-3551
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~4 [noglsa]
Depends on:
Reported: 2013-05-23 17:10 UTC by Agostino Sarubbo
Modified: 2014-12-07 20:08 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-05-23 17:10:59 UTC
From ${URL} :

A vulnerability has been reported in OTRS and OTRS ITSM, which can be exploited by malicious users 
to disclose potentially sensitive information.

The vulnerability is caused to an error when handling URLs related to the ticket split mechanism, 
which can be exploited to disclose otherwise restricted ticket contents.

Successful exploitation requires a valid agent login.

The vulnerability is reported in the following products and versions:
* OTRS versions 3.2.x through 3.2.6, 3.1.x through 3.1.15, and 3.0.x through 3.0.19.
* OTRS ITSM versions 3.2.x through 3.2.4, 3.1.x through 3.1.8, and 3.0.x through 3.0.7.

Update to a fixed version.
Further details available to Secunia VIM customers

Provided and/or discovered by
Reported by the vendor.

Original Advisory

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-26 19:35:16 UTC
@Maintainers: Please clean up vulnerable versions (and ACK doing so on this bug report). Setting cleanup+; Maintainer timeout in 30 days.?
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-12-07 20:08:25 UTC
+  07 Dec 2014; Kristian Fiskerstrand <> -otrs-3.2.4.ebuild,
+  -otrs-3.2.5.ebuild, -otrs-3.2.6.ebuild:
+  Security cleanup for bug #471096 due to maintainer timeout