TIBCO Hawk Monitoring Agent vulnerable to buffer overflow via the configuration interface

2006-06-05T00:00:00
ID VU:620516
Type cert
Reporter CERT
Modified 2006-06-05T19:15:00

Description

Overview

A vulnerability in the TIBCO Hawk Monitoring Agent configuration interface may allow a local attacker to execute arbitrary code with elevated privileges.

Description

TIBCO Hawk is a tool for monitoring and managing distributed applications and systems throughout an enterprise. A buffer overflow vulnerability has been discovered in the configuration interface to the TIBCO Hawk Monitoring Agent. According to the vendor, the following products are affected:

* TIBCO Hawk versions below 4.6.1
* TIBCO Runtime Agent (TRA) versions below 5.4

The following components are affected:

* TIBCO Hawk HMA (`tibhawkhma`)

Impact

A local attacker who is able to modify the configuration of the tibhawkhma program may be able to execute arbitrary code with administrative privileges. TIBCO states the following:

If the tibhawkhma program is installed as suid root on a Unix system, the successful exploit will allow arbitrary code execution with root privileges.

If the tibhawkhma program is installed as a system service on a Windows system, the successful exploit will allow arbitrary code execution with system service privileges.

Solution

Upgrade

TIBCO Software, Inc. has released an updated version of the affected software to address this vulnerability. Users are strongly encouraged to upgrade to TIBCO Hawk version 4.6.1 or later. More information can be found in the TIBCO Hawk Security Advisory FAQ for this issue.


Workarounds

TIBCO recommends that users who are not able to upgrade employ all of the following workarounds:

* Set the permissions of the `tibhawkhma` configuration file such that only the system administrator may write to the configuration file.
* Set the permissions of the `tibhawkhma` executable such that only the system administrator may launch the program.
* On Unix systems, set the permissions of the `tibhawkhma` executable such that it is not setuid.
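The three workarounds above are all permission settings on two files, so they can be verified mechanically. The following POSIX shell script is an added example, not part of the CERT note or of TIBCO's software: it checks that a configuration file is writable only by its owner, that an executable carries no group/other execute bit, and that the executable is not setuid. The install locations of `tibhawkhma` and its configuration file are not given in the note, so the script takes both paths as arguments and, when run directly, exercises itself on constructed temporary files (one deliberately mis-permissioned pair and one hardened pair). It only reports; it changes no permissions.

```shell
#!/bin/sh
# Added example: audit the TIBCO Hawk HMA workarounds (file permissions only).
# Paths to tibhawkhma and its configuration file are assumptions supplied by
# the caller; nothing here is TIBCO's own tooling.

# Permission string such as "-rwsr-xr-x" (first 10 chars of `ls -ld`).
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# 0 when neither group (char 6) nor other (char 9) has the write bit.
owner_only_writable() {
    p=$(perm_string "$1")
    gw=$(printf '%s' "$p" | cut -c6)
    ow=$(printf '%s' "$p" | cut -c9)
    [ "$gw" != "w" ] && [ "$ow" != "w" ]
}

# 0 when neither group (char 7) nor other (char 10) may execute the file.
# 's' and 't' in those positions also imply the execute bit is set.
owner_only_executable() {
    p=$(perm_string "$1")
    gx=$(printf '%s' "$p" | cut -c7)
    ox=$(printf '%s' "$p" | cut -c10)
    case "$gx$ox" in
        *[xst]*) return 1 ;;
        *)       return 0 ;;
    esac
}

# 0 when the setuid bit (char 4 is 's' or 'S') is not set.
not_setuid() {
    case "$(perm_string "$1" | cut -c4)" in
        [sS]) return 1 ;;
        *)    return 0 ;;
    esac
}

# Runs all three workaround checks; prints one PASS/FAIL line each and
# returns 0 only if every check passed.
check_tibhawkhma_hardening() {
    exe=$1
    cfg=$2
    failed=0
    if owner_only_writable "$cfg"; then
        echo "PASS: $cfg is writable only by its owner"
    else
        echo "FAIL: $cfg is group- or world-writable"; failed=1
    fi
    if owner_only_executable "$exe"; then
        echo "PASS: $exe is executable only by its owner"
    else
        echo "FAIL: $exe is executable by group or other"; failed=1
    fi
    if not_setuid "$exe"; then
        echo "PASS: $exe is not setuid"
    else
        echo "FAIL: $exe is setuid"; failed=1
    fi
    return $failed
}

# Self-demonstration on constructed files (not real tibhawkhma installs).
demo_tibhawkhma_audit() {
    d=$(mktemp -d)
    printf '#!/bin/sh\n' > "$d/tibhawkhma.bad";  chmod 4755 "$d/tibhawkhma.bad"
    echo "cfg" > "$d/hma.bad.cfg";                chmod 0666 "$d/hma.bad.cfg"
    printf '#!/bin/sh\n' > "$d/tibhawkhma.good"; chmod 0700 "$d/tibhawkhma.good"
    echo "cfg" > "$d/hma.good.cfg";               chmod 0600 "$d/hma.good.cfg"
    echo "== mis-permissioned pair (expect FAILs) =="
    check_tibhawkhma_hardening "$d/tibhawkhma.bad" "$d/hma.bad.cfg" || true
    echo "== hardened pair (expect PASSes) =="
    check_tibhawkhma_hardening "$d/tibhawkhma.good" "$d/hma.good.cfg" || true
    rm -rf "$d"
}

demo_tibhawkhma_audit
```

In production use, call `check_tibhawkhma_hardening /path/to/tibhawkhma /path/to/its.cfg` with the real install paths and act on any FAIL line; the script deliberately does not confirm that the owner is the administrator account, so pair it with a `ls -l` glance at ownership.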

Vendor Information


CVSS Metrics

Group | Score | Vector
---|---|---
Base | |
Temporal | |
Environmental | |

References

* <http://www.tibco.com/mk/hawk_advisory.jsp>
* <http://www.tibco.com/resources/mk/hawk_security_advisory.txt>

Acknowledgements

This vulnerability was reported by TIBCO Software, Inc.

This document was written by Chad R Dougherty.

Other Information

CVE IDs: | None
---|---
Severity Metric: | 20.04
Date Public: | 2006-06-05
Date First Published: | 2006-06-05
Date Last Updated: | 2006-06-05 19:15 UTC
Document Revision: | 14