FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

otrs -- Scheduler Process ID File Access

Affected packages
3.2.* < otrs < 3.2.18
3.3.* < otrs < 3.3.15
4.0.* < otrs < 4.0.13


VuXML ID 1e7f0c11-673a-11e5-98c8-60a44c524f57
Discovery 2015-09-17
Entry 2015-09-30

The OTRS project reports:

An attacker with valid LOCAL credentials could access and manipulate the process ID file for bin/ from the CLI.

The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.


CVE Name CVE-2013-7135
CVE Name CVE-2015-6842