Details

Do you want to get informed about security issues in OTRS? Subscribe here.

Problem

An attacker could trick a logged in user to execute malicious java script code by sending a prepared email into OTRS.

Affected by this vulnerability are all releases of OTRS 2.4.x up to and including 2.4.14, OTRS 3.0.x up to and including 3.0.15, as well as all 3.1.x versions up to and including 3.1.10.

Fixes

This vulnerability is fixed in OTRS (release of OTRS 3.1.11, OTRS 3.0.17 and OTRS 2.4.15 will be published on 16 Oct 2012).

Download

• OTRS 3.1.11, OTRS 3.0.17 and OTRS 2.4.15 or higher (will be available during 16 Oct 2012)

Workaround I

As workaround you can disable the rich text feature via sys config.

Workaround II

As workaround it is also possible to replace the following files with the fixed version:

OTRS 3.1.x:

• Kernel/System/HTMLUtils.pm 1.35.2.4

• Kernel/System/HTMLUtils.pm 1.27.2.6

• Kernel/Modules/CustomerTicketAttachment.pm 1.17.2.8
• Kernel/Modules/AgentTicketAttachment.pm 1.22.2.8

• Vulnerability Note VU#603276
• Vendor Advisory
• Proof of concept Exploit for CVE-2012-4751
• CVE-2012-4751

Please send information regarding vulnerabilities in OTRS to security @ znuny.com.