EGI CSIRT:Alerts

From EGIWiki
Revision as of 16:11, 16 November 2011 by Mingchao (talk | contribs)





Security alerts and/or security advisories will be sent to all EGI site security contacts or NGI security officers by EGI CSIRT using either an EGI broadcasting tool or a pre-established mailing list. They will also be listed on this page. They may cover a wide range of software, including — but not limited to — the EGI middleware.

| Date | Title | Contents | Rating |
|---|---|---|---|
| 2010-XX-XX | A brief description | Link to the alert/advisory | Critical/High/Moderate/Low Risk |

The risk rating is in line with EGI SVG's practice.

EGI Alerts / Advisories

The following alert bulletins describe security vulnerabilities or immediate threats against one or more sites or the EGI infrastructure and include recommendations and mitigation techniques.

This template should be used when drafting an advisory.

| Date | Title | Contents | Rating |
|---|---|---|---|
| 2011-06-15 | High Risk - Torque Authentication Bypass Vulnerability (CVE-2011-2907) | Alerts/Torque-2011-06-15 | High |
| 2011-04-12 | HIGH Risk glibc Vulnerability - privilege escalation (CVE-2011-0536) | Alerts/glibc-2011-04-12 | High |
| 2011-03-30 | Critical Vulnerability detected in dCache Admin Web Interface | Alerts/dCache-2011-03-30 | Critical |
| 2011-01-07 | High Risk Kernel Vulnerability: heap overflow in tipc_msg_build() (CVE-2010-3859) | Alerts/tipc-2011-01-07 | High |
| 2010-12-16 | HIGH root vulnerabilities in Tivoli Storage Manager (TSM) client software | Alerts/tsm-2010-12-16 | High |
| 2010-11-18 | CRITICAL Local root vulnerability in systemtap (CVE-2010-4170) | Alerts/systemtap-2010-11-18 | Critical |
| 2010-11-02 | HIGH iovec integer overflow in net/rds/rdma.c (CVE-2010-3865) | Alerts/rds/rdma-2010-11-02 | High |
| 2010-10-23 | HIGH Vulnerability in C library dynamic linker (CVE-2010-3856) | Alerts/liblinker-2010-10-23 | High |
| 2010-10-20 | HIGH Local root vulnerability in RDS (CVE-2010-3904) | Alerts/rds-2010-10-20 | High |
| 2010-10-18 | HIGH Vulnerability in C library dynamic linker (CVE-2010-3847) | Alerts/liblinker-2010-10-18 | High |
| 2010-09-30 | RHEL4 patch for CVE-2010-3081 kernel vulnerability (CVE-2010-3081) | Alerts/kernel-2010-09-30 | Moderate |
| 2010-09-16 | Critical Kernel Vulnerability: 64-bit Compatibility Mode Stack Pointer Corruption (CVE-2010-3081) | Alerts/kernel-2010-09-16 | Critical |
| 2010-08-18 | Moderate Impact Vulnerabilities in Elog Web Application | Alerts/elog-2010-08-18 | Moderate |
| 2010-06-28 | Moderate Impact Vulnerability In Intel Compiler Suite | Alerts/intel-28-06-2010 | Moderate |

EGEE Alerts

List of alerts published during EGEE

| Date | Title | Contents | Rating |
|---|---|---|---|
| 2009-11-24 | Critical-risk vulnerabilities CVE-2009-3547 | Alerts/cve-3547 | Critical risk |
| 2009-10-20 | High-risk vulnerabilities in CREAM CE software | Alerts/cream-20-10-2009 | High risk |
| 2009-07-09 | Remote command execution in Nagios WAP/WML interface | Alerts/nagios-09-07-2009 | Medium risk |
| 2008-07-29 | DNS cache poisoning/spoofing | Alerts/dns-29-07-2008 | Medium risk |
| 2006-10-23 | Critical Vulnerability: OpenPBS/Torque | Alerts/openpbs-23-10-2006 | Extremely critical |

Source

Parts of this article came from the OSCT wiki; this was written by the EGEE Operational Security Coordination Team.