Grid Security Vulnerability Group - Advisory

-- Topic:          Wrong permissions on glue.config file used by R-GMA
-- Date:           2007-08-02,  updated 2008-07-14, updated 2010-03-08
-- ID:	           Grid Vulnerability Savannah bug #27595

-- Background

R-GMA stands for the Relational Grid Monitoring Architecture and
it provides the framework for the the operations of the distributed
monitoring database. The file glue.config is used to configure the information 
service glue schema.

-- Vulnerability Details

There is a file permission problem with  with the file glue.config

-- Grid Security Vulnerability Group Response

The Grid Security Vulnerability Group considers this issue to be 'Low' risk, and
recommends that sites using this consider either following the precautionary measures or
checks or move to the latest version of R-GMA which has become available. 


-- Component and Installation information.

A new version of R-GMA is available from

http://hepunx.rl.ac.uk/egee/jra1-uk/r-gma-6.0/installation.html

R-GMA is not currently distributed as part of gLite 3.2, and the earlier version distributed with gLite 3.1 is not being upgraded to the latest version supplied by the R-GMA developers



-- Precautionary measures or checks

Sites may wish to manually change the file permission - 

chmod 640 /opt/glite/etc/rgma-glue-archiver/glue.config  


-- Credit
This vulnerability was initially reported by Antonio Retico


-- Disclosure Timeline
Yyyy-mm-dd

2007-06-27 Vulnerability reported by Antonio Retico in the glite middleware savannah
2007-08-02 Initial response from the Grid Security Vulnerability Group
2008-07-14 Advisory revised to update the current situation
2010-03-09 Public disclosure as new version of R-GMA is available with this problem fixed

-- References
 If applicable
==========================================================================