
SVG:Advisory-SVG-2015-9809




Title:       EGI SVG Advisory [TLP:White] 'Low' risk vulnerability concerning LHCb setup scripts [EGI-SVG-2015-9809]  

Date:        2016-06-08  
Updated:     


Affected Software and Risk
==========================

LOW risk vulnerability concerning LHCb setup scripts

Package : LHCb setup scripts

A vulnerability has been found in which poor/insecure setup scripts are present. No direct exploit has been found, but
these scripts should not be present.


Actions Required/Recommended
============================

None

Affected software Details.
==========================

LHCb versions prior to v8r5p3 (released on 25/01/2016).

More information
================

This is for information/completeness only.  Sites are not asked to take action. 

TLP and URL
===========

** WHITE information - Unlimited distribution - see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP
for distribution restrictions **

URL:   https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2015-9809  

Minor updates may be made without re-distribution to the sites

Credit
======

This vulnerability was reported by Simon Fayer from Imperial College.


Comments
========

Comments or questions should be sent to svg-rat  at  mailman.egi.eu

If you find or become aware of a vulnerability which is relevant to EGI, you may report it by e-mail to

report-vulnerability at egi.eu

The EGI Software Vulnerability Group will take a look.

Timeline  
========
Yyyy-mm-dd  [EGI-SVG-2015-9809] 

2015-11-18 Vulnerability reported by Simon Fayer, who is a member of SVG
2015-11-18 Acknowledgement from the EGI SVG to the reporter
2015-11-18 Software providers responded and were involved in investigation
2015-12-09 EGI SVG Risk Assessment completed
2015-12-09 Assessment by the EGI Software Vulnerability Group reported to the software providers 
2016-01-25 Updated packages available 
2016-06-08 Public disclosure on wiki for completeness