| VID |
21641 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
osTicket version 1.3.1 or earlier was detected on the host. osTicket is an open-source support ticket program for Microsoft Windows, Unix and Linux operating systems. osTicket version 1.3.1beta and earlier versions are affected by multiple input validation vulnerabilities, listed below. A remote attacker who successfully exploits the most severe of these vulnerabilities could execute arbitrary code on the vulnerable system.
1) A SQL Injection Vulnerability: Input passed to the "ticket" parameter of the "class.ticket.php" code library isn't properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) A Local File Include Vulnerability: Input passed to the "inc" parameter of the "view.php" and "open.php" scripts isn't properly sanitized before being returned to the user. A remote authenticated attacker can exploit this flaw to run arbitrary PHP code found in files on the affected host, provided PHP's 'register_globals' setting is enabled.
* References:
  http://www.securityfocus.com/archive/1/403990/30/0/threaded
  http://www.securitytracker.com/alerts/2005/Jul/1014373.html
* Platforms Affected: osTicket, osTicket versions 1.3.1beta and earlier; any operating system, any version |
| Recommendation |
No upgrade or patch was available as of July 2005.
Upgrade to the latest version of osTicket when a fixed version becomes available from the osTicket download site at http://www.osticket.com/downloads.php |
| Related URL |
CVE-2005-2153,CVE-2005-2154 (CVE) |
| Related URL |
14127 (SecurityFocus) |
| Related URL |
21278,21281 (ISS) |
|
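With no fixed version available, web server logs can be reviewed for requests that touch the two parameters named in the description. The following is an added example, not part of the original advisory or of osTicket. It assumes combined-format access logs, that legitimate requests never supply `inc` to `view.php` or `open.php`, and that ticket identifiers are plain alphanumeric values; the `/osticket/` path and all log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

INCLUDE_SCRIPTS = {"view.php", "open.php"}      # scripts named in the advisory
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
TICKET_OK = re.compile(r"^[A-Za-z0-9-]+$")      # assumption: plain ticket IDs

def classify(target):
    """Return findings for one request target (path plus query string)."""
    try:
        parts = urlsplit(target)
    except ValueError:
        return ["unparseable-target"]
    script = parts.path.rsplit("/", 1)[-1].lower()
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    # 'inc' is only reachable from the request when register_globals is on,
    # so a client supplying it at all is worth a look (assumption).
    if script in INCLUDE_SCRIPTS and "inc" in params:
        findings.append("inc-override")
    # parse_qs has already URL-decoded the value before this check.
    if any(not TICKET_OK.match(v) for v in params.get("ticket", [])):
        findings.append("ticket-unexpected-chars")
    return findings

def scan(lines):
    """Yield (client_ip, finding, target) for every suspicious log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m:
            hits += [(m["ip"], f, m["target"]) for f in classify(m["target"])]
    return hits

# Constructed sample log lines (documentation IP range, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jul/2005:10:00:01 +0000] "GET /osticket/view.php?ticket=1001 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [05/Jul/2005:10:02:13 +0000] "GET /osticket/open.php?inc=CONSTRUCTED_VALUE HTTP/1.1" 200 812',
    '192.0.2.44 - - [05/Jul/2005:10:02:40 +0000] "GET /osticket/view.php?ticket=1001%27CONSTRUCTED HTTP/1.1" 200 640',
    '192.0.2.10 - - [05/Jul/2005:10:03:02 +0000] "GET /osticket/index.php HTTP/1.1" 200 3301',
]

if __name__ == "__main__":
    for ip, finding, target in scan(SAMPLE_LOG):
        print(f"{ip}\t{finding}\t{target}")
```

Access logs normally record only the query string, so parameters sent in a POST body are not visible to this check.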