HIGH risk vulnerability has been found concerning the Java version of voms-proxy-init. During the proxy generation process it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy.
The vulnerability was identified in the VOMS Java API (voms-api-java) v. 3.3.2 and is present in the VOMS Java Clients (voms-clients-java) v. 3.3.2. Earlier versions may be affected as well. The vulnerability is fixed in voms-api-java v. 3.3.3 and in voms-clients-java v. 3.3.4.
Further details are available in this SVG Advisory.
Recent Comments