CVE-2008-7278
published 2011-03-18CVE-2008-7278: The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment…
PriorityP424medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.98%
78.1th percentile
The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.
Affected
42 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | < otrs2 2.3.2-1 (bullseye) | otrs2 2.3.2-1 (bullseye) |
| otrs | otrs | <= 2.2.4 | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM
vendor_debian5.0LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rgfv-29jm-8wcc: The S/MIME feature in Open Ticket Request System (OTRS) before 2
ghsa_unreviewed·2022-05-17
CVE-2008-7278 [MEDIUM] CWE-20 GHSA-rgfv-29jm-8wcc: The S/MIME feature in Open Ticket Request System (OTRS) before 2
The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.
OSV
CVE-2008-7278: The S/MIME feature in Open Ticket Request System (OTRS) before 2
osv·2011-03-18·CVSS 5.0
CVE-2008-7278 [MEDIUM] CVE-2008-7278: The S/MIME feature in Open Ticket Request System (OTRS) before 2
The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.
Debian
CVE-2008-7278: otrs2 - The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x ...
vendor_debian·2008·CVSS 5.0
CVE-2008-7278 [MEDIUM] CVE-2008-7278: otrs2 - The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x ...
The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.
Scope: local
bullseye: resolved (fixed in 2.3.2-1)
No detection rules found.
No public exploits indexed.
2011-03-18
Published