Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7278

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-7278
Last Modified 22 Mar 2011 12:00:00
Published 18 Mar 2011 12:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7278

Summary

The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.

Vulnerable Systems

Application

  • Otrs 0.5

  • Otrs 1.0

  • Otrs 1.0.0

  • Otrs 1.0.1

  • Otrs 1.0.2

  • Otrs 1.1

  • Otrs 1.1.0

  • Otrs 1.1.1

  • Otrs 1.1.2

  • Otrs 1.1.3

  • Otrs 1.1.4

  • Otrs 1.2.0

  • Otrs 1.2.1

  • Otrs 1.2.2

  • Otrs 1.2.3

  • Otrs 1.2.4

  • Otrs 1.3.0

  • Otrs 1.3.1

  • Otrs 1.3.2

  • Otrs 1.3.3

  • Otrs 2.0.0

  • Otrs 2.0.1

  • Otrs 2.0.2

  • Otrs 2.0.3

  • Otrs 2.0.4

  • Otrs 2.0.5

  • Otrs 2.1.0

  • Otrs 2.1.1

  • Otrs 2.1.2

  • Otrs 2.1.3

  • Otrs 2.1.4

  • Otrs 2.1.5

  • Otrs 2.1.6

  • Otrs 2.1.7

  • Otrs 2.1.8

  • Otrs 2.1.9

  • Otrs 2.2.0

  • Otrs 2.2.1

  • Otrs 2.2.2

  • Otrs 2.2.3

  • Otrs 2.2.4


References

CONFIRM - http://bugs.otrs.org/show_bug.cgi?id=2844

CONFIRM - http://bugs.otrs.org/show_bug.cgi?id=2539

CONFIRM - http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807


Last Updated: 27 May 2016 10:49:32