Title: EGI SVG Advisory [TLP:White] 'Low' risk vulnerability concerning LHCb
setup scripts [EGI-SVG-2015-9809]
Date: 2016-06-08
Updated:
Affected Software and Risk
==========================
LOW risk vulnerability concerning LHCb setup scripts
Package :LHCb setup scripts
A vulnerability has been found where there are poor/insecure setup scripts. No
direct exploit has been found but these scripts should not be present.
Actions Required/Recommended
============================
None
Affected software Details.
==========================
LHCb version prior to v8r5p3 (released on 25/01/2016).
More information
================
This is for information/completeness only. Sites are not asked to take action.
TLP and URL
===========
** WHITE information - Unlimited distribution - see
https://go.egi.eu/tlp for distribution restrictions **
URL: https://advisories.egi.eu/2015/Advisory-SVG-2015-9809
Minor updates may be made without re-distribution to the sites
Credit
======
This vulnerability was reported by Simon Fayers from Imperial College.
Comments
========
Comments or questions should be sent to svg-rat at mailman.egi.eu
If you find or become aware of a vulnerability which is relevant to EGI you may
report it by e-mail to
report-vulnerability at egi.eu
the EGI Software Vulnerability Group will take a look.
Timeline
========
Yyyy-mm-dd [EGI-SVG-2015-9809]
2015-11-18 Vulnerability reported by Simon Fayer who is a member of SVG.
2015-11-18 Acknowledgement from the EGI SVG to the reporter
2015-11-18 Software providers responded and involved in investigation
2015-12-09 EGI SVG Risk Assessment completed
2015-12-09 Assessment by the EGI Software Vulnerability Group reported to the
software providers
2016-01-25 Updated packages available
2016-06-08 Public disclosure on wiki for completeness