"OTRS is an Open source Ticket Request System with many features to manage customer telephone calls and e-mails. The system is built to allow your support, sales, pre-sales, billing, internal IT, helpdesk, etc. department to react quickly to inbound inquiries"
by otrs.org
II. Vulnerability
-----------------
OTRS is vulnerable to an XSS/XSRF. It is possible to inject code into the Subaction parameter. Authentication is required to reach the page, but a non-authenticated user will be asked to log in and the attack will still be carried out. XSRF is of course also possible in this case.
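As an added illustration (not OTRS's own code, which is Perl; this is a Python sketch), the pattern consistent with the behaviour described above: a login page that carries the requested Action and Subaction through as hidden fields and reflects them unescaped, beside a hardened version that allowlists Subaction and HTML-escapes on output. The form layout, the allowlist and the sample values are constructed assumptions, not taken from OTRS.

```python
import html
import re

# Constructed login-form template standing in for the page an unauthenticated
# user is sent to. Assumption (not stated in the advisory): the requested Action
# and Subaction are carried through login as hidden fields so the original
# request can be replayed once the user has authenticated.
LOGIN_FORM = (
    '<form method="post" action="index.pl">'
    '<input type="hidden" name="Action" value="{action}">'
    '<input type="hidden" name="Subaction" value="{subaction}">'
    '<input name="User"><input name="Password" type="password">'
    '</form>'
)

# Constructed allowlist of Subaction values the application actually handles.
KNOWN_SUBACTIONS = {"", "Search", "Update", "Delete"}

# Action names are identifiers; anything else is malformed and gets dropped.
SAFE_TOKEN = re.compile(r"^[A-Za-z0-9_]*$")


def render_login_vulnerable(action: str, subaction: str) -> str:
    """The defect: request parameters are reflected into HTML untouched."""
    return LOGIN_FORM.format(action=action, subaction=subaction)


def render_login_hardened(action: str, subaction: str) -> str:
    """Validate against an allowlist first, then escape on output anyway."""
    if not SAFE_TOKEN.match(action):
        action = ""  # malformed: never reflect it
    if subaction not in KNOWN_SUBACTIONS:
        subaction = ""  # unknown: drop it rather than echo it back
    # quote=True also encodes " and ', which is what closes an attribute value.
    return LOGIN_FORM.format(
        action=html.escape(action, quote=True),
        subaction=html.escape(subaction, quote=True),
    )


def reflects_raw(rendered: str, value: str) -> bool:
    """Check used by a reviewer or test: does the value appear unencoded?"""
    return value in rendered


if __name__ == "__main__":
    marker = '"><i>injected</i>'  # constructed, non-executable marker
    print(reflects_raw(render_login_vulnerable("AgentTicketSearch", marker), marker))
    print(reflects_raw(render_login_hardened("AgentTicketSearch", marker), marker))
```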
IIa. Affected Versions
----------------------
OTRS 2.0.4 was tested and appears to be vulnerable. I've tested version 2.2.0 and it doesn't seem to be vulnerable anymore.
Copyright 2007 by ciri from Virtuax.be. All rights reserved.