TIBCO Rendezvous HTTP Interface Remote Buffer Overflow Vulnerability
BID:18301
CVE-2006-2830 |Info
TIBCO Rendezvous HTTP Interface Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 18301 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 06 2006 12:00AM |
| Updated: | Sep 05 2006 08:13PM |
| Credit: | Andrés Tarascó Acuña of the SIA Group discovered this issue. |
| Vulnerable: |
TIBCO Runtime Agent 0 TIBCO Rendezvous 0 TIBCO Hawk 0 |
| Not Vulnerable: |
TIBCO Runtime Agent 5.4 TIBCO Rendezvous 7.5.1 TIBCO Hawk 4.6.1 |
Discussion
TIBCO Rendezvous HTTP Interface Remote Buffer Overflow Vulnerability
TIBCO Rendezvous is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly check boundaries of user-supplied command-line argument data before copying it to an insufficiently sized memory buffer.
Attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers. The affected component may be installed as a service with administrative privileges on Microsoft Windows computers.
TIBCO Hawk versions prior to 4.6.1, TIBCO Runtime Agent versions prior to 5.4, and TIBCO Rendezvous versions prior to 7.5.1 are vulnerable to this issue.
TIBCO Rendezvous is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly check boundaries of user-supplied command-line argument data before copying it to an insufficiently sized memory buffer.
Attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers. The affected component may be installed as a service with administrative privileges on Microsoft Windows computers.
TIBCO Hawk versions prior to 4.6.1, TIBCO Runtime Agent versions prior to 5.4, and TIBCO Rendezvous versions prior to 7.5.1 are vulnerable to this issue.
Exploit / POC
TIBCO Rendezvous HTTP Interface Remote Buffer Overflow Vulnerability
The following exploit is available:
The following exploit is available:
Solution / Fix
TIBCO Rendezvous HTTP Interface Remote Buffer Overflow Vulnerability
Solution:
The vendor has released an advisory along with fixes to address this issue. Please see the referenced advisory for more information on obtaining and applying fixes.
Solution:
The vendor has released an advisory along with fixes to address this issue. Please see the referenced advisory for more information on obtaining and applying fixes.
References
TIBCO Rendezvous HTTP Interface Remote Buffer Overflow Vulnerability
References:
References:
- Rendezvous Product Page (TIBCO)
- TIBCO Rendezvous Security Advisory FAQ (TIBCO)
- TIBCO Rendezvous vulnerability (TIBCO)
- Vulnerability Note VU#999884 (US-CERT)