

** WHITE information - Unlimited distribution allowed                       **  

** see for distribution restrictions **


Title:       EGI SVG Advisory 'Moderate' Risk DPM buffer overflow in SRM v2.2 endpoint

Date:        2013-02-19



A buffer overflow vulnerability has been found in DPM in the SRM v2.2 endpoint.

A new version of DPM which resolves these vulnerabilities is now available in
the EMI-1 and EMI-2 distributions.

This version is also available in EGI UMD-1 and EGI UMD-2. 


A buffer overflow vulnerability has been found in DPM in the SRM v2.2 endpoint

Risk category

This issue has been assessed as "Moderate" risk by the EGI SVG Risk Assessment Team.  

Affected software

DPM version 1.8.4 available both in the EMI 2 distribution and the EGI UMD 2 distribution. 

DPM version 1.8.2 available both in the EMI 1 distribution and the EGI UMD 1 distribution 

This vulnerability has been fixed in DPM 1.8.6 as available in EMI 1 Update 23 and EMI 2 Update 8.

The package has also been released in EGI UMD-1 Release 1.10.0 and UMD-2 Release 2.4.0.

Component installation information

The official repository for the distribution of grid middleware for EGI sites is which contains the EGI Unified Middleware Distribution (UMD).

Sites using the EGI UMD should see:

Sites installing directly from EMI should see:


Sites are recommended to update relevant components.


This vulnerability was reported to SVG by Eygene Ryabinkin 


2012-11-19 Vulnerability reported to SVG by Eygene Ryabinkin
2012-11-19 Acknowledgement from the EGI SVG to the reporter
2012-11-21 Assessment by the EGI Software Vulnerability Group reported 
           to the software providers
2013-01-28 Updated packages available in the EMI distribution
2013-02-19 Updated packages available in the EGI UMD-1 and EGI UMD-2 
2013-02-19 Public disclosure