Category: Application (Generic) > TIBCO Rendezvous
Vendor: TIBCO Software
TIBCO Rendezvous Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1016145
CVE Reference: CVE-2006-2830
Updated:  Aug 6 2007
Original Entry Date:  May 24 2006
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Root access via local system, Root access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 7.5; tested on 7.4.11
Description:   Andres Tarasco from SIA Group reported a vulnerability in TIBCO Rendezvous. A remote user can execute arbitrary code on the target system.

Several HTTP administrative interface components contain a buffer overflow. A remote user can send specially crafted data to the HTTP interface to trigger an overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service, typically System level privileges on Windows-based systems and root privileges on Linux/UNIX-based systems.
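The advisory classifies the flaw as a boundary error in an HTTP-reachable handler. The following C example, added here and not TIBCO's code, illustrates that bug class in a hypothetical query-parameter handler: an unchecked copy into a fixed-size stack buffer beside a hardened form that measures the input first and refuses anything that does not fit. The parameter name `name`, the 64-byte buffer, and the query-string format are assumptions made for the demonstration.

```c
/* Added illustration of a boundary error in an HTTP parameter handler.
 * Hypothetical code, not the vendor's; buffer size and parameter name are
 * assumptions chosen for the demonstration. */
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64

/* Vulnerable pattern (CWE-121): copies a request parameter into a fixed
 * stack buffer without checking its length. Any value of NAME_MAX_LEN
 * bytes or more overruns the buffer. Shown for comparison only; never
 * pass it untrusted input. */
static int handle_name_unchecked(const char *param)
{
    char name[NAME_MAX_LEN];
    strcpy(name, param);            /* no bound on the copy */
    return (int)strlen(name);
}

/* Hardened form: measure first, reject over-long input, copy with an
 * explicit bound that leaves room for the terminator. Returns the value
 * length, or -1 when the input is rejected. */
static int handle_name_checked(const char *param)
{
    char name[NAME_MAX_LEN];
    size_t len = strlen(param);
    if (len >= sizeof name)
        return -1;                  /* would not fit with the terminator */
    memcpy(name, param, len + 1);
    return (int)len;
}

/* Bounded extraction of "key=value" from a query string such as
 * "action=show&name=rvrd". Returns 0 on success, -1 if the key is absent,
 * -2 if the value would not fit in out (refuse rather than truncate). */
static int get_query_param(const char *query, const char *key,
                           char *out, size_t outsz)
{
    size_t klen = strlen(key);
    const char *p = query;
    while (p && *p) {
        const char *amp = strchr(p, '&');
        size_t seglen = amp ? (size_t)(amp - p) : strlen(p);
        if (seglen > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *val = p + klen + 1;
            size_t vlen = seglen - klen - 1;
            if (vlen >= outsz)
                return -2;
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p = amp ? amp + 1 : NULL;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample requests: one normal, one with an oversized value. */
    char value[NAME_MAX_LEN];
    char oversized[256];
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("normal:    rc=%d\n",
           get_query_param("action=show&name=rvrd", "name", value, sizeof value));
    printf("checked:   len=%d\n", handle_name_checked(value));
    printf("oversized: rc=%d (rejected before any copy)\n",
           handle_name_checked(oversized));
    return 0;
}
```

The point of the hardened handler is that the length check happens before the copy and the caller receives an explicit error, which can then be turned into an HTTP error response and a log entry instead of a memory corruption.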

A remote user can also exploit the HTTP interface to determine whether particular files exist on the target system.

The TIBCO Rendezvous remote routing communications daemon (rvrd), TIBCO Rendezvous secure routing daemon (rvsrd), and TIBCO Rendezvous initial value cache (rvcache) are affected.

The TIBCO Runtime Agent (TRA) (prior to version 5.4) and TIBCO Hawk (prior to version 4.6.1) are also affected.

The vendor was notified on April 27, 2006.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can determine if files exist on the target system.

A local user can gain elevated privileges.

Solution:   The vendor has issued a fixed version (7.5.1).

The TIBCO advisory is available at:

Vendor URL:
Cause:   Access control error, Boundary error
Underlying OS:  Linux (Any), OS/400, UNIX (AIX), UNIX (FreeBSD), UNIX (HP/UX), UNIX (Open UNIX-SCO), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (2000), Windows (2003), Windows (XP)

Message History:   None.

Source Message Contents

[Original Message Not Available for Viewing]
