Most of you will have seen this already. I don't think it affects any of
the dCache sites, but you should be aware of it anyway.
Greig
EGEE BROADCAST wrote:
> ------------------------------------------------------------------------------------
>
> Publication from : thackray <[log in to unmask]> (CERN)
>
> This mail has been sent using the broadcasting tool available at http://cic.gridops.org
>
> ------------------------------------------------------------------------------------
>
> Dear Site Admins and Security Contacts,
>
> SRMwatch is a dCache add-on package providing SRM monitoring capabilities by connecting to the SRM database and extract statistics.
>
> We have been made aware by the developers that it currently suffers from an injection vulnerability, which may allow an attacker to execute arbitrary database commands on the SRM database.
>
> There is currently no updated package available to correct this issue, therefore all sites using this add-on should disable it until an new release is made available.
>
> Please note that this package is not part of the default installation.
>
> Regards,
> Romain Wartel [log in to unmask]
> EGEE Operational Security Coordination Team
|