The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "EGI CSIRT:Alerts"

From EGIWiki
(Deprecate and redirect page)
Tag: Replaced
 
(37 intermediate revisions by 10 users not shown)
Line 1: Line 1:
<!--{{Egi-csirt-header}}-->
{{DeprecatedAndMovedTo|new_location=https://advisories.egi.eu/CSIRT_Alerts}}
{{New-Egi-csirt-header}}
 
Security alerts and/or security advisories will be sent to all EGI site security contacts or NGI security officers by EGI CSIRT using either an EGI broadcasting tool or a pre-established mailing list. They will also be listed on this page. They may cover a wide range of software, including — but not limited to — the EGI middleware.
 
{| {{egi-table}}
!Date !! Title !! Contents !! Rating
|-
|2010-XX-XX || A brief description || Link to the alert/advisory ||Critical/High/Moderate/Low Risk
|}
 
The risk rating is in line with [https://wiki.egi.eu/wiki/SVG:Issue_Handling_Summary EGI SVG]'s practice.
 
== EGI Alerts / Advisories ==
The following alert bulletins describe security vulnerabilities or immediate threats against one or more sites or the EGI infrastructure and include recommendations and mitigation techniques.
 
[[EGI_CSIRT:Alerts/AdvisoryTemplate|This template]] should be used when drafting an advisory.
 
{| {{egi-table}}
!Date !! Title !! Contents !! Rating
|-
|2013-03-18|| Advisory concerning ptrace kernel vulnerability
|| [[EGI_CSIRT:Alerts/kernel-2013-03-18|Advisory-EGI-ADV-20130318 ]] || High
|-
| ||
|| | ||
|-
|2012-08-01|| Advisory concerning gLite 3.2 middleware components no longer supported on 01 August 2012.
|| [[EGI_CSIRT:Advisory/EGI-ADV-20120801/ |Advisory-EGI-ADV-20120801 ]] || Advisory
|-
|2012-07-17|| Critical  - Wrong permissions on directory containing user proxies|| [[EGI_CSIRT:Alerts/EMI-1-WMS-file-permissions |Alerts/EMI-1-WMS-file-permissions-2012-07-16]] || Critical
|-
|2012-07-16|| Advisory  - EGI CSIRT:Advisory; Upgrade gLite-3*, RHel4* and derivatives || [[EGI_CSIRT:Advisory |Advisory;Upgrade gLite-3*, RHel4* and derivatives]] || Advisory
|-
|2012-02-06|| MODERATE RISK - Multiple Vulnerabilities in the libxml (CVE-2012-3919 etc.)|| [[EGI_CSIRT:Alerts/libxml2-2012-02-06 |Alerts/libxml2-2012-02-06]] || Moderate
|-
|2012-01-23 || High risk vulnerability in Linux kernel: Insufficient /proc/pid/mem access control (CVE-2012-0056) || [[EGI_CSIRT:Alerts/kernel-2012-01-23|Alerts/kernel-2012-01-23]] || High
|-
|2011-12-28 || Critical telnetd vulnerability - Remote root vulnerability in telnet daemons (CVE-2011-4862) || [[EGI_CSIRT:Alerts/telnetd-2011-12-28|Alerts/telnetd-2011-12-28]]  || Critical
|-
|2011-06-15 || High Risk - Torque Authentication Bypass Vulnerability  (CVE-2011-2907) || [[EGI_CSIRT:Alerts/Torque-2011-06-15|Alerts/Torque-2011-06-15]]  || High
|-
|2011-04-12 || HIGH Risk glibc Vulnerability - privilege escalation (CVE-2011-0536) || [[EGI_CSIRT:Alerts/glibc-2011-04-12|Alerts/glibc-2011-04-12]]  || High
|-
|2011-03-30 || Critical Vulnerability detected in dCache Admin Web Interface || [[EGI_CSIRT:Alerts/dCache-2011-03-30|Alerts/dCache-2011-03-30]]  || Critical
|-
|2011-01-07 || High Risk Kernel Vulnerability:heap overflow in tipc_msg_build() (CVE-2010-3859)|| [[EGI_CSIRT:Alerts/tipc-2011-01-07|Alerts/tipc-2011-01-07]]  || High
|-
|2010-12-16 || HIGH root vulnerabilities in Tivoli Storage Manager (TSM) client software || [[EGI_CSIRT:Alerts/tsm-2010-12-16|Alerts/tsm-2010-12-16]]  || High
|-
|2010-11-18 || CRITICAL Local root vulnerability in systemtap  (CVE-2010-4170) || [[EGI_CSIRT:Alerts/systemtap-2010-11-18|Alerts/systemtap-2010-11-18]]  || Critical
|-
|2010-11-02 || HIGH iovec integer overflow in net/rds/rdma.c  (CVE-2010-3865) || [[EGI_CSIRT:Alerts/rds-rdma-2010-11-02|Alerts/rds/rdma-2010-11-02]]  || High
|-
|2010-10-23 || HIGH Vulnerability in C library dynamic linker (CVE-2010-3856) || [[EGI_CSIRT:Alerts/liblinker-2010-10-23|Alerts/liblinker-2010-10-23]]  || High
|-
|2010-10-20 || HIGH Local root vulnerability in RDS (CVE-2010-3904) || [[EGI_CSIRT:Alerts/rds-2010-10-20|Alerts/rds-2010-10-20]]  || High
|-
|2010-10-18 || HIGH Vulnerability in C library dynamic linker (CVE-2010-3847) || [[EGI_CSIRT:Alerts/liblinker-2010-10-18|Alerts/liblinker-2010-10-18]]  || High
|-
|2010-09-30 || RHEL4 patch for CVE-2010-3081 kernel vulnerability (CVE-2010-3081) || [[EGI_CSIRT:Alerts/kernel-2010-09-30|Alerts/kernel-2010-09-30]]  || Moderate
|-
|2010-09-16 || Critical Kernel Vulnerability: 64-bit Compatibility Mode Stack Pointer Corruption (CVE-2010-3081)|| [[EGI_CSIRT:Alerts/kernel-2010-09-16|Alerts/kernel-2010-09-16]] || Critical
|-
|2010-08-18 || Moderate Impact Vulnerabilities in Elog Web Application || [[EGI_CSIRT:Alerts/elog-2010-08-18|Alerts/elog-2010-08-18]] ||  Moderate
|-
|2010-06-28 || Moderate Impact Vulnerability In Intel Compiler Suite || [[EGI_CSIRT:Alerts/intel-28-06-2010|Alerts/intel-28-06-2010]] ||  Moderate
|}
 
== EGEE Alerts ==
List of alerts published during EGEE
 
{| {{egi-table}}
!Date !! Title !! Contents !! Rating
|-
|2009-11-24 || Critical-risk vulnerabilities CVE-2009-3547 || [https://wiki.egi.eu/csirt/index.php/Internal_Notes_on_CVEs Alerts/cve-3547] ||Critical risk
|-
|2009-10-20 || High-risk vulnerabilities in CREAM CE software || [[EGI_CSIRT:Alerts/cream-20-10-2009|Alerts/cream-20-10-2009]] ||High risk
|-
|2009-07-09 || Remote command execution in Nagios WAP/WML interface || [[EGI_CSIRT:Alerts/nagios-09-07-2009|Alerts/nagios-09-07-2009]] ||Medium risk
|-
|2008-07-29 || DNS cache poisoning/spoofing || [[EGI_CSIRT:Alerts/dns-29-07-2008|Alerts/dns-29-07-2008]] ||Medium risk
|-
|2006-10-23 || Critical Vulnerability: OpenPBS/Torque || [[EGI_CSIRT:Alerts/openpbs-23-10-2006|Alerts/openpbs-23-10-2006]] ||Extremely critical
|}
{{From OSCT wiki|http://osct.web.cern.ch/osct/alerts.html}}

Latest revision as of 14:12, 24 June 2022

This article is Deprecated and has been moved to https://advisories.egi.eu/CSIRT_Alerts.