SVG:Advisory-SVG-2015-9809
Jump to navigation
Jump to search
Main page | Software Security Checklist | Issue Handling | Advisories | Notes On Risk | Advisory Template | More |
Advisory-SVG-2015-9809
Title: EGI SVG Advisory [TLP:White] 'Low' risk vulnerability concerning LHCb setup scripts [EGI-SVG-2015-9809] Date: 2016-06-08 Updated: Affected Software and Risk ========================== LOW risk vulnerability concerning LHCb setup scripts Package :LHCb setup scripts A vulnerability has been found where there are poor/insecure setup scripts. No direct exploit has been found but these scripts should not be present. Actions Required/Recommended ============================ None Affected software Details. ========================== LHCb version prior to v8r5p3 (released on 25/01/2016). More information ================ This is for information/completeness only. Sites are not asked to take action. TLP and URL =========== ** WHITE information - Unlimited distribution - see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions*** URL: https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2015-9809 Minor updates may be made without re-distribution to the sites Credit ====== This vulnerability was reported by Simon Fayers from Imperial College. Comments ======== Comments or questions should be sent to svg-rat at mailman.egi.eu If you find or become aware of a vulnerability which is relevant to EGI you may report it by e-mail to report-vulnerability at egi.eu the EGI Software Vulnerability Group will take a look. Timeline ======== Yyyy-mm-dd [EGI-SVG-2015-9809] 2015-11-18 Vulnerability reported by Simon Fayer who is a member of SVG. 2015-11-18 Acknowledgement from the EGI SVG to the reporter 2015-11-18 Software providers responded and involved in investigation 2015-12-09 EGI SVG Risk Assessment completed 2015-12-09 Assessment by the EGI Software Vulnerability Group reported to the software providers 2016-01-25 Updated packages available 2016-06-08 Public disclosure on wiki for completeness