GSVG Advisories 2010
The GSVG produces advisory notices for Grid security vulnerabilities, which are published below. Release notes should refer to advisories.
| Notes on advisories | advisories from 2007 and 2008 |
| Notes on Risk | advisories from 2009 |
| release notes for gLite 3.1 distribution | release notes for gLite 3.2 distribution |
| Date | Title | Advisory | Risk | Status |
|---|---|---|---|---|
| 19/08/10 | Shell account access to Worker Nodes | advisory-41748.txt | Low | Won't fix |
| 19/08/10 | gridftp log can be accessed via gridftp | advisory-26934.txt | Low | Disclosed |
| 18/08/10 | Version of OpenSSL distributed by the Globus Alliance | advisory-30202.txt | Low | Fixed |
| 06/08/07 revised 18/10/07 revised 18/08/10 | File systems allow user access to system files | advisory-20192.txt | Moderate | Disclosed |
| 06/08/07 updated 16/08/10 | Java trustmanager does not consider CA signing policies | advisory-15363.txt | Low | Fixed |
| 06/09/07 updated 16/08/10 | fork job manager | advisory-9055.txt | ** | Won't fix |
| 23/07/10 | Trustmanager: Possibility of a MITM attack | advisory-60514.txt | Low | Fixed |
| 23/07/10 | Trustmanager: not checking host name in host certificate | advisory-10278.txt | Low | Fixed |
| 23/07/10 | dCache: Runs as root | advisory-45212.txt | -- | Info |
| 23/07/10 | dCache: Possible untraceable dCache data access/destruction | advisory-15626.txt | High | Info |
| 09/03/10 updated 23/07/10 | dCache: vulnerability in the SRM doors | advisory-53668.txt | Low | Fixed |
| 15/04/10 | Issues from Poznan Supercomputing and Networking Centre review of gLexec | advisory-57604.txt | Low | Fixed |
| 15/04/10 | Vulnerabilities found in gLexec by the University of Wisconsin Vulnerability assessment project | advisory-51107.txt | Low | Fixed |
| 15/04/10 | ARGUS banning by CA does not work | advisory-55971.txt | Low | Fixed |
| 15/04/10 | Inadequate Certificate validation in ARGUS | advisory-59718.txt | Low | Fixed |
| 04/12/09 updated 25/03/10 | There is a Vulnerability which allows a user to crash the LFC/DPM server | advisory-50397.txt | Low | Fixed |
| 09/03/10 | R-GMA: SQL injection vulnerabilities | advisory-32907.txt | Moderate | Fixed && |
| 09/03/10 | R-GMA: Wrong file permission on config file | advisory-27595.txt | Low | Fixed && |
| 09/03/10 | Job information per user is published openly in R-GMA | advisory-11330.txt | ** | Fixed && |
| 09/03/10 | R-GMA: No Authorization | advisory-10707.txt | ** | Fixed && |
| 09/03/10 | R-GMA: logging level can be set remotely | advisory-9266.txt | ** | Fixed && |
| 06/08/07 updated 09/03/10 | R-GMA: MySQL backdoor | advisory-8974.txt | Low | Fixed && |
| 09/03/10 | Users in the LCAS ban file may still access dCache | advisory-45207.txt | Low | Info |
| 01/12/08 updated 03/03/10 | LCAS/LCMAPS vulnerability affecting Condor CE | advisory-35858.txt | High | Fixed |
| 16/02/10 | Argus may allow a banned user under heavy load | advisory-56758.txt | Low | Fixed |
| 13/08/07 updated 19/01/10 | DN information leak on the RB/WMS | advisory-18049.txt | Low | Obsolete |
| 11/01/10 | gLite-ce-blahp command injection vulnerability | advisory-55825.txt | Moderate | Fixed |
| 11/01/10 | Possible Privilege escalation inside Torque | advisory-42652.txt | Moderate | Fixed |
** issues which were originally handled before the start of EGEE-II and not re-assessed with the EGEE-II criteria.
&& updated version not available from gLite.
| Status | Explanation |
|---|---|
| Fixed | Patches available/fully resolved |
| Disclosed | Disclosed due to reaching Target date |
| Obsolete | S/W no longer in use |
| Info | Information only |
| Won't fix | This is not going to be fixed |
Last modified Thu 19 August 2010.