SecurityTracker.com
Category:   Application (Generic)  >   TIBCO Rendezvous
Vendors:   TIBCO Software
TIBCO Rendezvous Buffer Overflows Let Remote Users Deny Service or Execute Arbitrary Code
SecurityTracker Alert ID:  1033677
SecurityTracker URL:  http://securitytracker.com/id/1033677
CVE Reference:   CVE-2015-4555
Date:  Sep 30 2015
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 8.4.3 and prior
Description:   A vulnerability was reported in TIBCO Rendezvous. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions on the target system.

A remote user can send specially crafted data to the HTTP administrative interface to trigger a buffer overflow in the target Rendezvous daemon and execute arbitrary code on the target system or cause the target daemon to crash.

The following components are affected:

TIBCO Rendezvous Daemon (rvd)
TIBCO Rendezvous Routing Daemon (rvrd)
TIBCO Rendezvous Secure Daemon (rvsd)
TIBCO Rendezvous Secure Routing Daemon (rvsrd)
TIBCO Rendezvous Gateway Daemon (rvgd)
TIBCO Rendezvous Daemon Adapter (rvda)
TIBCO Rendezvous Cache (rvcache)
TIBCO Rendezvous Agent (rva)
TIBCO Rendezvous Relay Agent (rvrad)

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued a fix (8.4.4) [in August 2015].

The vendor's advisory is available at:

http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt

Vendor URL:  www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt
Cause:   Boundary error
Underlying OS:  Java, Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

