SRMWatch contains an SQL injection vulnerability that can allow malicious users to steal private data, including proxy certificates.
An arbitrary SQL injection exploit has been found in SRM Watch, a tool for monitoring transfers in SRM-dCache. By default, SRM Watch is not able to modify the database; however, private data, in particular user proxies, can be accessed. If SRM Watch were allowed write permission (which may be the case in some installations), the SRM database could additionally be corrupted, rendering the SRM server non-operational.
This problem exists in srmwatch as packaged in the VDT packaging of dCache.
Please disable SRM Watch until a patch is available. To do so, run the following commands while SRM is still running.
> cd /opt/d-cache/srmwatch-1.0
> ./undeploy_srmwatch