FKIE_CVE-2008-7278
Vulnerability from fkie_nvd - Published: 2011-03-18 16:55 - Updated: 2026-04-29 01:13
Severity
Summary
The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05789283-BD1A-4C3E-AD5F-9411D9216571",
"versionEndIncluding": "2.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1985DCF5-4528-4246-B1E7-75703CF8849C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta2:*:*:*:*:*:*",
"matchCriteriaId": "47EFAC2B-AB6C-4327-997C-9B10F7360163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D25927B-BDD3-4A3C-901B-8F62C422D266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7134888F-1296-4AFD-8ECC-A1A2486C74AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta5:*:*:*:*:*:*",
"matchCriteriaId": "5F7F2EAA-0744-4BFA-AAEB-66515507BC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B781EFF2-2502-4212-89DB-BF52DFBA41BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta7:*:*:*:*:*:*",
"matchCriteriaId": "4E4196EF-6C16-473C-9A71-A8FC728CD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:0.5:beta8:*:*:*:*:*:*",
"matchCriteriaId": "9E00ACBC-60E5-44B7-961C-23CD1903112D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ACCB8907-B5F7-4C20-A6CE-C8D52F2D1DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C433CD8B-143A-4237-A54B-A9D4C27B061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "42D518B5-B9A9-4831-927C-104D2803533E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACEE63A-4C9C-46F4-BF73-51C931C046BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81DFFC-99A6-4AFB-BD95-7202528B87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC0F48B-5E12-4656-B848-2DC9A4F8D00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EE262525-B533-46C9-B845-1F5214F6177F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8371E67D-8784-4C0B-B577-2FBC051F8CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6FF4CC40-2DB2-474B-ABC3-57EA268CACDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E9302A-1278-40B8-B2D4-FEB9BB276622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9582CBC7-B5FA-467D-8F1B-AF9AB308F27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAABF11-2B91-41DF-9564-E75D88AE43A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "824350BB-4C29-43FE-B205-22D36BE93731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C2C4825A-A860-4212-83EA-FE04B110A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C517953B-0B47-4B45-90DA-C9DCC8E2536A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "C5C3344F-E284-477B-A322-ABF34AD80124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC14AEFD-7F68-4E64-9D23-A933352E74C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D95DB73E-D417-455F-A754-67555E86AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0430A7-F27E-430C-9D9D-A4AE86C889D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2278B3B-B9D6-4E67-B118-2B798C5F1432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5186A3DD-7D17-4D2E-B756-EF1AD5C6B42A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3E7556D7-D593-4AF3-8D0E-7E10E1C5316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "05747F3E-27E8-4E04-B80D-D8C38FBDA4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "74CBA83A-443E-4B1D-85D2-55FFB2FEB782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FE3DE-6D43-404F-BCE8-861E0584AA18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE712DC3-5CA0-4157-A501-483BBDBF7B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86CD9921-3CFC-49F7-9C91-5049E41ADD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A777AA53-6900-483D-8C31-F9C415DE9B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "53949C54-F416-46C6-A784-441880F0D8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2896D75B-07EC-4224-9018-0BF55DE16379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "A6607C7B-E121-4DCD-8FA0-5B202B97D624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4FBA783C-32B5-4264-9701-3843710499E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "1EB26560-C681-436F-9F41-D927C501791E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49CBB470-37A6-4D09-BA71-8EAB8931554E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1D725C-CBE6-49A4-B6FC-3D80E35E0135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63608BED-2700-4EF7-9038-B295FF373FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5386B686-3421-4F4E-AC5E-6567FE12E03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E712714-6E03-43BA-B375-929638730B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "12B1D7F7-51C3-460E-BDE3-0C40B692B622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF9AEA70-9DC8-41B5-A4D4-F86828F9E35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BAB384-AC74-4D75-BFE2-8CBC2C0A830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E365F79A-BDDA-430D-B39F-FADADA91A0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9223D9-B5F8-4D9A-98F8-5D73852B2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC91C532-9CCD-4353-A6C3-E297A1F5BD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAAB79E-8DC5-4BFF-9BD2-9215DA2B775D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C7B601-0CBD-4861-855E-A4F64157A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B715EC14-D79A-4CB4-A875-380F66A45C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9C4DB-4E5D-4D01-B174-D6682831B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25611D-231B-4CBA-8DC3-5F6CE90ADA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "01E9FF1B-AFFE-43C1-8E06-15DA8564D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "ACE6A6EB-7264-4AE8-8CC4-994969E8B136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FEEFDE04-B409-47BF-BF71-0C87A7A6893D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ECC731E-7B47-4AAA-B009-E8CE73AE354A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADC404F-08B0-48A7-84DB-5270B8E1A147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091E423C-A9D5-4ED8-93C7-5CDD57DC3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC4E93-34C5-418B-B12C-CABE500D5171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:otrs:otrs:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE131A-342E-475C-9522-E53A8A8A1BA0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file."
},
{
"lang": "es",
"value": "La funci\u00f3n S/MIME en Open Ticket Request System (OTRS) anterior a v2.2.5, y v2.3.x anteriores a v2.3.0-beta1, no configura correctamente la variable de entorno RANDFILE para OpenSSL, lo que podr\u00eda facilitar a los atacantes remotos descifrar mensajes de correo electr\u00f3nico que ten\u00edan menos entrop\u00eda de la previsto para operaciones de cifrado, relacionado con la imposibilidad de escribir en el fichero de generaci\u00f3n de semilla para claves."
}
],
"id": "CVE-2008-7278",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-18T16:55:01.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2539"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2844"
},
{
"source": "cve@mitre.org",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.otrs.org/show_bug.cgi?id=2844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…