TIBCO Hawk Configuration Interface Local Buffer Overflow Vulnerability
BID:18300
CVE-2006-2829 |Info
TIBCO Hawk Configuration Interface Local Buffer Overflow Vulnerability
| Bugtraq ID: | 18300 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jun 06 2006 12:00AM |
| Updated: | Jun 06 2006 09:07PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
TIBCO Runtime Agent 0 TIBCO Hawk 0 |
| Not Vulnerable: |
TIBCO Runtime Agent 5.4 TIBCO Hawk 4.6.1 |
Discussion
TIBCO Hawk Configuration Interface Local Buffer Overflow Vulnerability
TIBCO Hawk is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly check boundaries of user-supplied command-line argument data before copying it to an insufficiently sized memory buffer.
Attackers may exploit this issue to execute arbitrary machine code with elevated privileges. This is a vulnerability only if the affected software is installed with setuid-privileges on UNIX computers or if it is installed as a service running with administrative privileges on Microsoft Windows computers.
TIBCO Hawk versions prior to 4.6.1 and TIBCO Runtime Agent versions prior to 5.4 are vulnerable to this issue.
TIBCO Hawk is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly check boundaries of user-supplied command-line argument data before copying it to an insufficiently sized memory buffer.
Attackers may exploit this issue to execute arbitrary machine code with elevated privileges. This is a vulnerability only if the affected software is installed with setuid-privileges on UNIX computers or if it is installed as a service running with administrative privileges on Microsoft Windows computers.
TIBCO Hawk versions prior to 4.6.1 and TIBCO Runtime Agent versions prior to 5.4 are vulnerable to this issue.
Exploit / POC
TIBCO Hawk Configuration Interface Local Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
TIBCO Hawk Configuration Interface Local Buffer Overflow Vulnerability
Solution:
The vendor has released an advisory, along with fixes to address this issue. Please see the referenced advisory for further information on obtaining and applying fixes.
Solution:
The vendor has released an advisory, along with fixes to address this issue. Please see the referenced advisory for further information on obtaining and applying fixes.
References
TIBCO Hawk Configuration Interface Local Buffer Overflow Vulnerability
References:
References:
- TIBCO Hawk Product Page (TIBCO)
- TIBCO Hawk Security Advisory FAQ (TIBCO)
- TIBCO Hawk vulnerability (TIBCO)
- Vulnerability Note VU#620516 (US-CERT)