FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

otrs -- Scheduler Process ID File Access

Affected packages
3.2.* < otrs < 3.2.18
3.3.* < otrs < 3.3.15
4.0.* < otrs < 4.0.13

Details

VuXML ID 1e7f0c11-673a-11e5-98c8-60a44c524f57
Discovery 2015-09-17
Entry 2015-09-30

The OTRS project reports:

An attacker with valid LOCAL credentials could access and manipulate the process ID file for bin/otrs.scheduler.pl from the CLI.

The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.

References

CVE Name CVE-2013-7135
CVE Name CVE-2015-6842
URL https://www.otrs.com/security-advisory-2015-02-scheduler-process-id-file-access/