GSVG Advisories 2010

The GSVG produces advisory notices for Grid security vulnerabilities, and these are published below. Release notes should refer to advisories.

Notes on advisories
advisories from 2007 and 2008
Notes on Risk
advisories from 2009
release notes for gLite 3.1 distribution
release notes for gLite 3.2 distribution

| Date | Title | Advisory | Risk | Status |
|---|---|---|---|---|
| 19/08/10 | Shell account access to Worker Nodes | advisory-41748.txt | Low | Won't fix |
| 19/08/10 | gridftp log can be accessed via gridftp | advisory-26934.txt | Low | Disclosed |
| 18/08/10 | Version of OpenSSL distributed by the Globus Alliance | advisory-30202.txt | Low | Fixed |
| 06/08/07 revised 18/10/07 revised 18/08/10 | File systems allow user access to system files | advisory-20192.txt | Moderate | Disclosed |
| 06/08/07 updated 16/08/10 | Java trustmanager does not consider CA signing policies | advisory-15363.txt | Low | Fixed |
| 06/09/07 updated 16/08/10 | fork job manager | advisory-9055.txt | ** | Won't fix |
| 23/07/10 | Trustmanager: Possibility of a MITM attack | advisory-60514.txt | Low | Fixed |
| 23/07/10 | Trustmanager: not checking host name in host certificate | advisory-10278.txt | Low | Fixed |
| 23/07/10 | dCache: Runs as root | advisory-45212.txt | -- | Info |
| 23/07/10 | dCache: Possible untraceable dCache data access/destruction | advisory-15626.txt | High | Info |
| 09/03/10 updated 23/07/10 | dCache: vulnerability in the SRM doors | advisory-53668.txt | Low | Fixed |
| 15/04/10 | Issues from Poznan Supercomputing and Networking Centre review of gLexec | advisory-57604.txt | Low | Fixed |
| 15/04/10 | Vulnerabilities found in gLexec by the University of Wisconsin Vulnerability assessment project | advisory-51107.txt | Low | Fixed |
| 15/04/10 | ARGUS banning by CA does not work | advisory-55971.txt | Low | Fixed |
| 15/04/10 | Inadequate Certificate validation in ARGUS | advisory-59718.txt | Low | Fixed |
| 04/12/09 updated 25/03/10 | There is a Vulnerability which allows a user to crash the LFC/DPM server | advisory-50397.txt | Low | Fixed |
| 09/03/10 | R-GMA: SQL injection vulnerabilities | advisory-32907.txt | Moderate | Fixed && |
| 09/03/10 | R-GMA: Wrong file permission on config file | advisory-27595.txt | Low | Fixed && |
| 09/03/10 | Job information per user is published openly in R-GMA | advisory-11330.txt | ** | Fixed && |
| 09/03/10 | R-GMA: No Authorization | advisory-10707.txt | ** | Fixed && |
| 09/03/10 | R-GMA: logging level can be set remotely | advisory-9266.txt | ** | Fixed && |
| 06/08/07 updated 09/03/10 | R-GMA: MySQL backdoor | advisory-8974.txt | Low | Fixed && |
| 09/03/10 | Users in the LCAS ban file may still access dCache | advisory-45207.txt | Low | Info |
| 01/12/08 updated 03/03/10 | LCAS/LCMAPS vulnerability affecting Condor CE | advisory-35858.txt | High | Fixed |
| 16/02/10 | Argus may allow a banned user under heavy load | advisory-56758.txt | Low | Fixed |
| 13/08/07 updated 19/01/10 | DN information leak on the RB/WMS | advisory-18049.txt | Low | Obsolete |
| 11/01/10 | gLite-ce-blahp command injection vulnerability | advisory-55825.txt | Moderate | Fixed |
| 11/01/10 | Possible Privilege escalation inside Torque | advisory-42652.txt | Moderate | Fixed |

** issues which were originally handled before the start of EGEE-II and not re-assessed with the EGEE-II criteria.

&& updated version not available from gLite.

| Status | Explanation |
|---|---|
| Fixed | Patches available/fully resolved |
| Disclosed | Disclosed due to reaching Target date |
| Obsolete | S/W no longer in use |
| Info | Information only |
| Won't Fix | This is not going to be fixed |

Last modified Thu 19 August 2010.
For more about GridPP please contact Neasan O'Neill