CVE-2008-7278

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2008-7278

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2008-7278.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2008-7278

Downstream

DEBIAN-CVE-2008-7278

Published

2011-03-18T16:55:01Z

Modified

2025-04-11T00:51:21Z

Summary

[none]

Details

The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.

References

http://bugs.otrs.org/show_bug.cgi?id=2539
http://bugs.otrs.org/show_bug.cgi?id=2844
http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807

CVE-2008-7278

Affected packages