CVE-2017-16921 in Ubuntu

CVE-2017-16921

Priority

Description

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including
5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is
logged into OTRS as an agent can manipulate form parameters (related to
PGP) and execute arbitrary shell commands with the permissions of the OTRS
or web server user.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16921
https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
https://bugs.otrs.org/show_bug.cgi?id=13357

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883774

Notes

Package

Source: otrs2 (LP Ubuntu Debian)

Upstream:	released (6.0.2-1)
Ubuntu 18.04 LTS:	not-affected (6.0.5-1)
Ubuntu 20.04 LTS:	not-affected (6.0.5-1)
Ubuntu 21.10:	not-affected (6.0.5-1)
Ubuntu 22.04 LTS:	not-affected (6.0.5-1)
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-06-10 13:58:47 UTC (commit 22cd97abab61e5eccab4070a258ab5d6a94b972b)