SVG:Advisory-SVG-2015-9809
Advisory-SVG-2015-9809
Title:   EGI SVG Advisory [TLP:White] 'Low' risk vulnerability concerning LHCb setup scripts [EGI-SVG-2015-9809]
Date:    2016-06-08
Updated:

Affected Software and Risk
==========================

LOW risk vulnerability concerning LHCb setup scripts

Package : LHCb setup scripts

A vulnerability has been found where there are poor/insecure setup scripts.
No direct exploit has been found but these scripts should not be present.

Actions Required/Recommended
============================

None

Affected software Details.
==========================

LHCb version prior to v8r5p3 (released on 25/01/2016).

More information
================

This is for information/completeness only. Sites are not asked to take action.

TLP and URL
===========

** WHITE information - Unlimited distribution - see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions***

URL: https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2015-9809

Minor updates may be made without re-distribution to the sites

Credit
======

This vulnerability was reported by Simon Fayers from Imperial College.

Comments
========

Comments or questions should be sent to svg-rat at mailman.egi.eu

If you find or become aware of a vulnerability which is relevant to EGI you may report it by e-mail to report-vulnerability at egi.eu
the EGI Software Vulnerability Group will take a look.

Timeline
========

Yyyy-mm-dd [EGI-SVG-2015-9809]

2015-11-18 Vulnerability reported by Simon Fayer who is a member of SVG.
2015-11-18 Acknowledgement from the EGI SVG to the reporter
2015-11-18 Software providers responded and involved in investigation
2015-12-09 EGI SVG Risk Assessment completed
2015-12-09 Assessment by the EGI Software Vulnerability Group reported to the software providers
2016-01-25 Updated packages available
2016-06-08 Public disclosure on wiki for completeness