#VU45215 Race condition in OTRS - CVE-2010-4765


Updated: 2020-08-11

Vulnerability identifier: #VU45215

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2010-4765

CWE-ID: CWE-362

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OTRS
Web applications / Other software

Vendor: otrs.org

Description

The vulnerability allows a remote authenticated user to manipulate or delete data.

Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

OTRS: 0.5 - 2.4.6


External links
https://bugs.otrs.org/show_bug.cgi?id=4936
https://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

