EGI SVG Advisories

Advisories from 2011 to 2013

Recent Advisories

EGI SVG primarily issues advisories concerning gLite Middleware.

EGI CSIRT also issues general alerts, listed at EGI CSIRT Alert.

A guide to the risk categories is available at Notes On Risk.

| Date | Title | Contents/Link | Risk | Status |
|---|---|---|---|---|
| 2013-10-25 | Globus GSI-OpenSSH vulnerability | Advisory-SVG-2013-5168 | Moderate | Fixed |
| 2013-10-25 | BDII Password access vulnerability | Advisory-SVG-2013-5266 | Moderate | Fixed |
| 2013-09-26 | CVMFS root exploit | Advisory-SVG-2013-5890 | Critical | Fixed |
| 2013-09-17 | Incorrect permission for APEL parser and client config | Advisory-SVG-2013-5615 | Moderate | Fixed |
| 2013-09-17 | Potential for reduced availability of VOMS server | Advisory-SVG-2012-3306 | Low | Fixed |
| 2013-09-17 | SAML implementation vulnerability in Unicore | Advisory-SVG-2012-4228 | Low | Fixed |
| 2013-06-14 | CREAM BUpdater improperly validated input / arbitrary command execution | Advisory-SVG-2013-5268 | High | Fixed |
| 2013-04-29 | CREAM Axis2 configuration file permissions | Advisory-SVG-2013-5244 | High | Fixed |
| 2013-04-17 | VOMS Java APIs incorrect CRL checking | Advisory-SVG-2012-4598 | Moderate | Fixed |
| 2013-03-05 | DPM SQL injection vulnerability | Advisory-SVG-2011-2683 | High | Fixed |
| 2013-02-25 | L&B servers not properly checked | Advisory-SVG-2011-3202 | Low | Fixed |
| 2013-02-19 | DPM buffer overflow in SRM v2.2 endpoint | Advisory-SVG-2012-4670 | Moderate | Fixed |
| 2012-12-20 | Gridftp CVE-2012-3292 | Advisory-SVG-2012-3765 | Low | Fixed |
| 2012-12-19 | DPM world writable files | Advisory-SVG-2012-4560 | Moderate | Fixed |
| 2012-11-21 | EMI-2 dcache-srmclient contains world writable files | Advisory-SVG-2012-4600 | High | Fixed |
| 2012-11-15 | gLExec - processes not properly cleaned up | Advisory-SVG-2011-1474 | Low | Fixed |
| 2012-11-15 | gLExec - prevention of job logging | Advisory-SVG-2011-1641 | Low | Fixed |
| 2012-08-29 | EMI-1 WMS exposes user proxies | Advisory-SVG-2012-4073 | Critical | Fixed |
| 2012-08-29 | WMS proxy theft vulnerability | Advisory-SVG-2012-4039 | High | Fixed |
| 2012-04-04 | EMI VOMS CRL handling vulnerability | Advisory-SVG-2012-3438 | Low | Fixed |
| 2012-04-04 | BDII Predictable passwords | Advisory-SVG-2011-3235 | Low | Fixed |
| 2012-01-24 | Torque Munge Impersonation vulnerability | Advisory-SVG-2011-3094 | High | Fixed |
| 2012-01-24 | APEL publisher File permission vulnerability | Advisory-SVG-2011-504 | Low | Fixed |
| 2012-01-09 | File Permission on directory in vdt_globus_data_server RPM | Advisory-SVG-2010-457 | Low | Disclosed |
| 2011-11-15 | BDII file permission and password vulnerability | Advisory-SVG-2011-1414 | Moderate | Fixed |
| 2011-08-15 | Torque Authentication Bypass Vulnerability CVE-2011-2907 | Advisory-SVG-2011-2296 | High | Fixed |
| 2011-07-28 | Insecure Library Loading Vulnerability in the VOMS server | Advisory-SVG-2011-342 | Low | Fixed |
| 2011-07-28 | VOMS server /tmp file vulnerability | Advisory-SVG-2011-1866 | Low | Fixed |
| 2011-06-24 | Torque Server Buffer Overflow Vulnerability - CVE-2011-2193 | Advisory-SVG-2011-1870 | Moderate | Fixed |
| 2011-04-19 | Critical Vulnerability detected in dCache Admin Web Interface | Advisory-SVG-2011-1569 | Critical | Fixed |
| 2011-04-19 | VOMS Admin vulnerabilities found by carrying out detailed vulnerability assessment of the package | Advisory-SVG-2011-505 | High | Fixed |
| 2011-04-04 | WMS vulnerability allowing proxy access | Advisory-SVG-2011-1502 | High | Fixed |
| 2011-03-11 | SQL injection vulnerability in the APEL software | Advisory-SVG-2011-373 | Moderate | Fixed |