The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports; new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @


From EGIWiki


EGI SVG primarily issues advisories concerning gLite Middleware.

CSIRT also issues general alerts at

A guide to the risk categories is available at Notes On Risk

Recent Advisories

| Date | Title | Contents/Link | Risk | Status |
|------|-------|---------------|------|--------|
| 2013-10-25 | Globus GSI-OpenSSH vulnerability | Advisory-SVG-2013-5168 | Moderate | Fixed |
| 2013-10-25 | BDII Password access vulnerability | Advisory-SVG-2013-5266 | Moderate | Fixed |
| 2013-09-26 | CVMFS root exploit | Advisory-SVG-2013-5890 | Critical | Fixed |
| 2013-09-17 | Incorrect permission for APEL parser and client config | Advisory-SVG-2013-5615 | Moderate | Fixed |
| 2013-09-17 | Potential for reduced availability of VOMS server | Advisory-SVG-2012-3306 | Low | Fixed |
| 2013-09-17 | SAML implementation vulnerability in Unicore | Advisory-SVG-2012-4228 | Low | Fixed |
| 2013-06-14 | CREAM BUpdater improperly validated input / arbitrary command execution | Advisory-SVG-2013-5268 | High | Fixed |
| 2013-04-29 | CREAM Axis2 configuration file permissions | Advisory-SVG-2013-5244 | High | Fixed |
| 2013-04-17 | VOMS Java APIs incorrect CRL checking | Advisory-SVG-2012-4598 | Moderate | Fixed |
| 2013-03-05 | DPM SQL injection vulnerability | Advisory-SVG-2011-2683 | High | Fixed |
| 2013-02-25 | L&B servers not properly checked | Advisory-SVG-2011-3202 | Low | Fixed |
| 2013-02-19 | DPM buffer overflow in SRM v2.2 endpoint | Advisory-SVG-2012-4670 | Moderate | Fixed |
| 2012-12-20 | Gridftp CVE-201203292 | Advisory-SVG-2012-3765 | Low | Fixed |
| 2012-12-19 | DPM world writable files | Advisory-SVG-2012-4560 | Moderate | Fixed |
| 2012-11-21 | EMI-2 dcache-srmclient contains world writable files | Advisory-SVG-2012-4600 | High | Fixed |
| 2012-11-15 | gLExec - processes not properly cleaned up | Advisory-SVG-2011-1474 | Low | Fixed |
| 2012-11-15 | gLExec - prevention of job logging | Advisory-SVG-2011-1641 | Low | Fixed |
| 2012-08-29 | EMI-1 WMS exposes user proxies | Advisory-SVG-2012-4073 | Critical | Fixed |
| 2012-08-29 | WMS proxy theft vulnerability | Advisory-SVG-2012-4039 | High | Fixed |
| 2012-04-04 | EMI VOMS CRL handling vulnerability | Advisory-SVG-2012-3438 | Low | Fixed |
| 2012-04-04 | BDII Predictable passwords | Advisory-SVG-2011-3235 | Low | Fixed |
| 2012-01-24 | Torque Munge Impersonation vulnerability | Advisory-SVG-2011-3094 | High | Fixed |
| 2012-01-24 | APEL publisher File permission vulnerability | Advisory-SVG-2011-504 | Low | Fixed |
| 2012-01-09 | File Permission on directory in vdt_globus_data_server RPM | Advisory-SVG-2010-457 | Low | Disclosed |
| 2011-11-15 | BDII file permission and password vulnerability | Advisory-SVG-2011-1414 | Moderate | Fixed |
| 2011-08-15 | Torque Authentication Bypass Vulnerability CVE-2011-2907 | Advisory-SVG-2011-2296 | High | Fixed |
| 2011-07-28 | Insecure Library Loading Vulnerability in the VOMS server | Advisory-SVG-2011-342 | Low | Fixed |
| 2011-07-28 | VOMS server /tmp file vulnerability | Advisory-SVG-2011-1866 | Low | Fixed |
| 2011-06-24 | Torque Server Buffer Overflow Vulnerability - CVE-2011-2193. | Advisory-SVG-2011-1870 | Moderate | Fixed |
| 2011-04-19 | Critical Vulnerability detected in dCache Admin Web Interface | Advisory-SVG-2011-1569 | Critical | Fixed |
| 2011-04-19 | VOMS Admin vulnerabilities found by carrying out detailed vulnerability assessment of the package | Advisory-SVG-2011-505 | High | Fixed |
| 2011-04-04 | WMS vulnerability allowing proxy access | Advisory-SVG-2011-1502 | High | Fixed |
| 2011-03-11 | SQL injection vulnerability in the APEL software | Advisory-SVG-2011-373 | Moderate | Fixed |