ISS X-Force Database: otrs-login-sql-injection(23352): Open Source Ticket Request System Login function SQL injection

Open Source Ticket Request System Login function SQL injection

otrs-login-sql-injection (23352)

Medium Risk

Description:

Open Source Ticket Request System (OTRS) is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the Login function to add, modify, or delete data from the database.

Platforms Affected:

Debian, Debian Linux 3.1
FreeBSD, FreeBSD
OpenBSD, OpenBSD
OTRS, OTRS 1.00 - 1.3.2
OTRS, OTRS 2.0.0 - 2.0.3

Remedy:

Upgrade to the latest version of OTRS (2.0.4 or 1.3.3 or later), available from the OTRS Web site. See References.

For Debian GNU/Linux:
Refer to DSA-973-1 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Data Manipulation

References:

Full-Disclosure Mailing List, Tue Nov 22 2005 - 15:31:42 CST, OTRS 1.x/2.x Multiple Security Issues at http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0705.html.
OTRS Web site, OTRS::Email Management::Trouble Ticket System::Welcome! at http://otrs.org/.
BID-15537: OTRS Multiple Input Validation Vulnerabilities
CVE-2005-3893: Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.
DSA-973: otrs -- several vulnerabilities
OSVDB ID: 21064: OTRS (Open Ticket Request System) Login Function User Variable SQL Injection
OSVDB ID: 21065: OTRS (Open Ticket Request System) AgentTicketPlain Action Multiple Variable SQL Injection
SA17685: OTRS SQL Injection and Cross-Site Scripting Vulnerabilities
SECTRACK ID: 1015262: OTRS Input Validation Bugs Permit SQL Injection and Cross-Site Scripting Attacks
SUSE-SR:2005:030: SUSE Security Summary Report
VUPEN/ADV-2005-2535: OTRS Remote SQL Injection and Cross Site Scripting Vulnerabilities

Reported:

Nov 22, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page