GSVG Advisories 2009
The GSVG produces advisory notices for Grid security vulnerabilities, and these are published below. Release notes should refer to advisories.
Related pages: Notes on advisories; advisories from 2007 and 2008; Notes on Risk; release notes for gLite 3.1 distribution; release notes for gLite 3.2 distribution.

| Date | Title | Advisory | Risk | Status |
|---|---|---|---|---|
| 16/12/09 | User gets authorized despite having invalid VOMS extensions using LCMAPS | advisory-51236.txt | Low | Disclosed |
| 04/12/09 updated 25/03/10 | There is a Vulnerability which allows a user to crash the LFC/DPM server | advisory-50397.txt | Low | Fixed |
| 17/11/09 | MD5 not fully secure and used by VOMS | advisory-46041.txt | Low | Disclosed |
| 17/11/09 | MD5 not fully secure and used by globus version distributed in gLite | advisory-46042.txt | Low | Disclosed |
| 27/10/09 | edg-mkgridmap doesn't verify server certificates | advisory-48455.txt | Low | Disclosed |
| 06/10/09 | There is a root exploit in the CREAM CE | advisory-55552.txt | High | Fixed |
| 06/10/09 | Password problem with the Cream CE | advisory-55551.txt | High | Fixed |
| 18/06/09 | The dCache software ignores permissions on directories when listing their contents | advisory-14923.txt | Moderate | Fixed |
| 14/05/09 | It may be possible to fake Roles in VOMS | advisory-42083.txt | Moderate | Fixed |
| 20/08/07, updated 10/04/08, updated 08/05/09 | Usage of long lived proxies | advisory-9059.txt | ** | Fixed |
| 06/05/09 | Service Discovery may lead to proxy delegation to hosts a user does not trust | advisory-46970.txt | Low | Fixed |
| 06/04/09 | Proxy theft Vulnerability in CESGA SGE job manager | advisory-43233.txt | High | Fixed |
| 20/02/09 | The Logging and Bookkeeping server accepts recycled job identifiers | advisory-27273.txt | Low | Disclosed |
| 13/02/09 | VOMS - 512 bit proxies may not be secure | advisory-35570.txt | Low | Fixed |
| 16/08/07 revised 09/02/09 | LCMAPS account recycling with a non-unique group mapping | advisory-9048.txt | ** | Disclosed |
** issues which were originally handled before the start of EGEE-II and not re-assessed with the EGEE-II criteria.
| Status | Explanation |
|---|---|
| Fixed | Patches available/fully resolved |
| Disclosed | Disclosed due to reaching Target date |
| Obsolete | S/W no longer in use |
Last modified Thu 25 March 2010.