=====================================================================
CERT-Renater Information Note No. 2010/VULN368
_____________________________________________________________________
DATE                  : 21/09/2010
HARDWARE PLATFORM(S)  : /
OPERATING SYSTEM(S)   : Systems running OTRS versions 2.4.x, 2.3.x.
======================================================================

http://otrs.org/advisory/OSA-2010-02-en/
______________________________________________________________________

- --------------------------------------------------------------------------------
OTRS Security Advisory 2010-02
- --------------------------------------------------------------------------------

ID:          OSA-2010-02
Date:        2010-09-15
Title:       Multiple XSS and denial of service vulnerabilities
Severity:    Less critical
Product:     OTRS 2.4.x, OTRS 2.3.x
Fixed in:    OTRS 2.4.8, OTRS 2.3.6
URL:         http://otrs.org/advisory/OSA-2010-02-en/
CVE:         CVE-2010-2080

- --------------------------------------------------------------------------------

This advisory covers vulnerabilities discovered in the OTRS core system.

Multiple Cross-Site Scripting issues

  Missing HTML quoting allows authenticated agents or customers to inject
  HTML tags. This vulnerability allows an attacker to inject script code
  into the OTRS web interface, which is then loaded and executed in the
  browsers of system users.

Possible Denial of Service attack

  Perl's regular expressions consume 100% CPU time on the server if an
  agent or customer views an affected article. To exploit this
  vulnerability the malicious user needs to send extremely large HTML
  emails to your system address.

Affected by these vulnerabilities are all releases of OTRS 2.3.x and
2.4.x up to and including 2.4.7. These vulnerabilities are fixed in
OTRS 2.3.6 and OTRS 2.4.8.

Fixed OTRS releases can be found at:

  o http://otrs.org/releases/

As a workaround it is also possible to replace the following files with
a version that has been fixed:

  o OTRS 2.4.x:
    o Kernel/Output/HTML/Standard/AgentStatsOverview.dtl v1.7.2.1
    o Kernel/Modules/AdminCustomerUser.pm v1.57.2.1
    o Kernel/Modules/AdminCustomerUserGroup.pm v1.18.2.2
    o Kernel/Output/HTML/Standard/AdminCustomerUserGroupForm.dtl v1.10.2.1
    o Kernel/Modules/CustomerTicketOverView.pm v1.50.2.1
    o Kernel/System/HTMLUtils.pm v1.12.2.3

  o OTRS 2.3.x:
    o Kernel/Output/HTML/Standard/AgentStatsOverview.dtl v1.4.2.1
    o Kernel/Modules/AdminCustomerUser.pm v1.55.2.1
    o Kernel/Modules/AdminCustomerUserGroup.pm v1.16.2.2
    o Kernel/Output/HTML/Standard/AdminCustomerUserGroupForm.dtl v1.9.2.1

Also available via web: http://source.otrs.org/.

Please send information regarding vulnerabilities in OTRS to
security@otrs.org.

Many thanks to Aaron Roberts, Alexander Neufeld, Arnfinn Roland and
Marcus Krause (TYPO3 Security Team - http://t3sec.info/) for discovering
and reporting these vulnerabilities.

Copyright (c) OTRS AG

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER            | tel : 01-53-94-20-44 +
+ 151 bd de l'Hopital     | fax : 01-53-94-20-41 +
+ 75013 Paris             | email: certsvp@renater.fr +
=========================================================
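The two defects the advisory describes, output without HTML quoting and regex processing of arbitrarily large HTML article bodies, are illustrated below in a small Perl script. This is an added example written for this note, not code from OTRS or from the advisory: the function names (html_quote, render_unquoted, render_quoted, html_to_text_guarded), the size cap and the tag-stripping regex are assumptions chosen for illustration, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Upper bound on the article body size (bytes) that the regex-based
# HTML handling is allowed to process. The value is an assumption for
# this example, not an OTRS configuration setting.
my $MAX_ARTICLE_BYTES = 512 * 1024;

# Quote the characters that are significant in HTML text and in
# double- or single-quoted attribute values.
sub html_quote {
    my ($text) = @_;
    return '' unless defined $text;
    my %map = (
        '&' => '&amp;',
        '<' => '&lt;',
        '>' => '&gt;',
        '"' => '&quot;',
        "'" => '&#39;',
    );
    $text =~ s/([&<>"'])/$map{$1}/g;
    return $text;
}

# Defective pattern (the class of bug the advisory fixes): a value an
# agent or customer controls is interpolated straight into markup.
sub render_unquoted {
    my ($customer_name) = @_;
    return "<td>$customer_name</td>";
}

# Corrected pattern: quote the value before it reaches the template.
sub render_quoted {
    my ($customer_name) = @_;
    return '<td>' . html_quote($customer_name) . '</td>';
}

# Guard a regex-heavy HTML-to-text step against oversized input. The
# size cap is the primary control; the alarm is only a second line of
# defence, because Perl's deferred signal handling may not interrupt a
# running match promptly on every perl version.
sub html_to_text_guarded {
    my ($html) = @_;
    if (length($html) > $MAX_ARTICLE_BYTES) {
        return (undef, 'article body exceeds size limit; not rendered');
    }
    my $text;
    eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        alarm 2;
        ($text = $html) =~ s/<[^>]*>//gs;   # simplified tag stripping
        alarm 0;
    };
    alarm 0;
    if ($@) {
        return (undef, "conversion aborted: $@");
    }
    return ($text, undef);
}

# Constructed sample: a customer name containing markup.
my $sample = q{Bob <script>alert(1)</script>};
print "unquoted: ", render_unquoted($sample), "\n";
print "quoted:   ", render_quoted($sample),   "\n";

# Constructed sample: a body larger than the cap is refused before any
# regex runs over it, while a normal body is converted.
my $huge  = '<p>' . ('x' x (600 * 1024)) . '</p>';
my $small = '<p>Hello <b>world</b></p>';
my ($out, $err) = html_to_text_guarded($huge);
print "large body: ", (defined $err ? $err : 'rendered ok'), "\n";
($out, $err) = html_to_text_guarded($small);
print "small body: ", (defined $err ? $err : $out), "\n";
```

The quoted rendering turns the sample into `&lt;script&gt;...`, so the browser shows the text instead of executing it; the size check rejects the 600 KiB body before the regex runs, which is the cheapest place to stop a CPU-exhausting article from being processed on every view.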