otrs -- Scheduler Process ID File Access

2015-09-17T00:00:00
ID 1E7F0C11-673A-11E5-98C8-60A44C524F57
Type freebsd
Reporter FreeBSD
Modified 2015-09-17T00:00:00

Description

The OTRS project reports:

An attacker with valid LOCAL credentials could access and manipulate the process ID file for bin/otrs.schduler.pl from the CLI. The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.