Secunia Security Advisory - Some vulnerabilities have been discovered in TIBCO SmartSockets, which can be exploited by malicious people to compromise a vulnerable system.
5a7c734dc8b0dff71267486de835560e72c2da034beacf917872b5267c858ba2
----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.
Download and test it today:
https://psi.secunia.com/
Read more about this new version:
https://psi.secunia.com/?page=changelog
----------------------------------------------------------------------
TITLE:
TIBCO SmartSockets Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28490
VERIFY ADVISORY:
http://secunia.com/advisories/28490/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
>From local network
SOFTWARE:
TIBCO Enterprise Message Service 4.x
http://secunia.com/product/14903/
TIBCO SmartSockets 6.x
http://secunia.com/product/17211/
TIBCO SmartSockets Product Family (RTworks) 4.x
http://secunia.com/product/17212/
DESCRIPTION:
Some vulnerabilities have been discovered in TIBCO SmartSockets,
which can be exploited by malicious people to compromise a vulnerable
system.
1) Input validation errors in the RTserver component when handling
requests, which uses values in the request as pointers, pointer
offsets, or loop bounds, can be exploited to execute arbitrary code.
2) Input validation errors in the RTserver component when handling
requests can be exploited to cause a heap-based buffer overflow.
Successful exploitation of the vulnerabilities allow execution of
arbitrary code.
The vulnerabilities affect the following products and versions:
* TIBCO SmartSockets versions prior to 6.8.1
* TIBCO SmartSockets Product Family (RTworks) versions prior to
4.0.4
* TIBCO Enterprise Message Service (EMS) versions 4.0.0 to 4.4.1 if
the SmartSockets support is enabled (not enabled by default)
* Applications using the TipcConnAccept interface
SOLUTION:
Update to the latest versions:
* TIBCO SmartSockets version 6.8.1 or later
* TIBCO RTworks version 4.0.4 or later
* TIBCO EMS version 4.4.2 or later
PROVIDED AND/OR DISCOVERED BY:
1) Independently discovered by:
* McSlibin
* Sean Larsson, VeriSign iDefense Labs
2) McSlibin
ORIGINAL ADVISORY:
TIBCO:
http://www.tibco.com/mk/smartsockets-sspfm-ems_advisory_20080115.jsp
http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt
http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt
http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=641
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed