SB2011031815 - Race condition in OTRS
Published: March 18, 2011 Updated: August 11, 2020
Security Bulletin ID
SB2011031815
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition (CVE-ID: CVE-2010-4765)
The vulnerability allows a remote #AU# to manipulate or delete data.
Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets.
Remediation
Install update from vendor's website.