TIBCO Rendezvous daemon components contain a buffer overflow in the HTTP administrative interface

2006-06-05T00:00:00
ID VU:999884
Type cert
Reporter CERT
Modified 2006-06-05T00:00:00

Description

Overview

A vulnerability in the TIBCO Rendezvous daemon components may allow a remote attacker to execute arbitrary code on an affected system.

Description

TIBCO Rendezvous is a distributed messaging software platform. A buffer overflow vulnerability has been discovered in the HTTP administrative interface of several TIBCO Rendezvous daemon components. According to the vendor, the following products are affected:

  • TIBCO Rendezvous versions below 7.5.1
  • TIBCO Runtime Agent (TRA) versions below 5.4
  • TIBCO Hawk versions below 4.6.1

The following components are affected:

  • TIBCO Rendezvous Routing Daemon (rvrd)
  • TIBCO Rendezvous Secure Routing Daemon (rvsrd)
  • TIBCO Rendezvous Secure Daemon (rvsd)
  • TIBCO Rendezvous Cache (rvcache)
  • TIBCO Rendezvous Agent (rva)

Impact

A remote attacker may be able to execute arbitrary code on an affected system. The impact of exploitation varies depending on the operating system of the affected system, configuration options of the daemon, and the privileges of the user that invokes the daemon. TIBCO states the following: