TIBCO Hawk Multiple Remote Buffer Overflow Vulnerabilities
BID:30836
Info
TIBCO Hawk Multiple Remote Buffer Overflow Vulnerabilities
| Bugtraq ID: | 30836 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2008-3338 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 29 2008 12:00AM |
| Updated: | Aug 29 2008 01:45AM |
| Credit: | TIBCO |
| Vulnerable: |
TIBCO Runtime Agent (TRA) 5.5.4 TIBCO Runtime Agent (TRA) 5.5.3 TIBCO Mainframe Service Tracker 1.0 TIBCO iProcess Engine 11.0 TIBCO iProcess Engine 10.6.2 TIBCO iProcess Engine 10.6.1 TIBCO iProcess Engine 10.6 TIBCO iProcess Engine 10.5 TIBCO iProcess Engine 10.3 TIBCO Hawk 4.8 TIBCO Hawk 4.7 TIBCO Hawk 4.6.1 |
| Not Vulnerable: |
TIBCO Runtime Agent (TRA) 5.6 TIBCO Mainframe Service Tracker 1.1 TIBCO iProcess Engine 11.0.1 TIBCO iProcess Engine 10.6.3 TIBCO Hawk 4.8.1 |
Discussion
TIBCO Hawk Multiple Remote Buffer Overflow Vulnerabilities
TIBCO Hawk is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.
Attackers can exploit these issues to execute arbitrary code in the context of affected applications. Failed exploit attempts will likely result in denial-of-service conditions.
The following products and components are affected:
TIBCO Hawk prior to 4.8.1
TIBCO Runtime Agent (TRA) prior to 5.6.0
TIBCO iProcess Engine 10.3.0 through 10.6.2, and 11.0.0
TIBCO Mainframe Service Tracker prior to 1.1.0
TIBCO Hawk is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.
Attackers can exploit these issues to execute arbitrary code in the context of affected applications. Failed exploit attempts will likely result in denial-of-service conditions.
The following products and components are affected:
TIBCO Hawk prior to 4.8.1
TIBCO Runtime Agent (TRA) prior to 5.6.0
TIBCO iProcess Engine 10.3.0 through 10.6.2, and 11.0.0
TIBCO Mainframe Service Tracker prior to 1.1.0
Exploit / POC
TIBCO Hawk Multiple Remote Buffer Overflow Vulnerabilities
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
TIBCO Hawk Multiple Remote Buffer Overflow Vulnerabilities
Solution:
The vendor has released updates and advisories. Please see the references for more information.
Solution:
The vendor has released updates and advisories. Please see the references for more information.
References
TIBCO Hawk Multiple Remote Buffer Overflow Vulnerabilities
References:
References:
- TIBCO Hawk Security Advisory FAQ (TIBCO)
- TIBCO Homepage (TIBCO)
- TIBCO Hawk vulnerability (TIBCO)