VDT logo
Search:

(Powered by Google)

VDT Security Advisories

DateAffected VersionsSummary and More Information
2008-06-09 All versions of the VDT prior to VDT 1.10.1c and 1.8.1n. Blank until sites have a chance to upgrade. Security risk: medium
2007-08-24 VDT versions 1.6.1 through 1.8.0 VOMRS is vulnerable to cross-site scripting attacks
2007-05-21 VDT versions 1.6.1 and earlier

Globus contains a potential denial of service attack that can be caused by sending invalid data to a GRAM 2 (pre-web services) job manager.

2007-04-10 VDT versions 1.6.1 and earlier Older versions of GSI OpenSSH contain a problem that may allow attackers to both deny service and execute arbitrary code.
2007-05-31 srmwatch version X and ealier, as packaged with the VDT packaging of dCache. (The version number will be supplied soon, but anything distributed before May 30, 2007 is vulnerable.)

SRMWatch contains an SQL injection attack that can allow malicious users to steal private data including proxy certificates.

2007-03-22 All VDT releases with Tomcat 5 Tomcat contains a information leakage vulnerability and MySQL 5 an SQL injection attack
2006-09-12 All VDT releases prior to 1.3.12 All versions of VOMS up through 1.6.16 (at least) contain a vulnerability that affects proxies and temporary files
2006-09-06 All VDT releases prior to 1.5.0. All versions of Globus before 4.0.3 contain vulnerabilities that affect proxies and temporary files.
2006-04-04 All VDT releases prior to 1.3.10b and 1.3.11 Condor versions prior to 6.7.18 and 6.6.11 contain security vulnerabilities
2006-03-13 Potentially all versions of the VDT 1.3 series before 1.3.9b and 1.1.14. File and directory permissions allow trusted users to gain root access.
2004-07-26 1.1.14 and below Certain GRIS information providers can allow arbitrary code execution as the use running the GRIS daemon.
2004-07-13 1.1.13, 1.1.14 GSI OpenSSH server, in combination with certain system settings, can allow an authenticated user to become any user on the system.
2004-12-16 1.2.2 and below A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges.