Lucene search

[email protected]CVE-2009-1291

HistoryApr 30, 2009 - 8:30 p.m.

CVE-2009-1291

2009-04-3020:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-1291

tibco

smartsockets

rtworks

enterprise message service

ems

buffer overflow

remote code execution

8.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.164 Low

EPSS

Percentile

96.0%

JSON

Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via “inbound data,” as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd.

Affected configurations

NVD

Node

tibcoenterprise_message_serviceRange≤5.1.1

tibcoenterprise_message_serviceMatch4.0.0

tibcoenterprise_message_serviceMatch4.1.0

tibcoenterprise_message_serviceMatch4.2.0

tibcoenterprise_message_serviceMatch4.3.0

tibcoenterprise_message_serviceMatch4.4.1

tibcoenterprise_message_serviceMatch4.4.2

tibcortworksMatch4.0.3

tibcortworksMatch4.0.4

tibcosmartsocketsMatch6.8.0

tibcosmartsocketsMatch6.8.1

tibcosmartsockets_rtserverRange≤6.8.1

tibcosmartsockets_rtserverMatch6.8.0

CPENameOperatorVersion
tibco:enterprise_message_servicetibco enterprise message servicele5.1.1
tibco:enterprise_message_servicetibco enterprise message serviceeq4.0.0
tibco:enterprise_message_servicetibco enterprise message serviceeq4.1.0
tibco:enterprise_message_servicetibco enterprise message serviceeq4.2.0
tibco:enterprise_message_servicetibco enterprise message serviceeq4.3.0
tibco:enterprise_message_servicetibco enterprise message serviceeq4.4.1
tibco:enterprise_message_servicetibco enterprise message serviceeq4.4.2
tibco:rtworkstibco rtworkseq4.0.3
tibco:rtworkstibco rtworkseq4.0.4
tibco:smartsocketstibco smartsocketseq6.8.0

CPE	Name	Operator	Version
tibco:enterprise_message_service	tibco enterprise message service	le	5.1.1
tibco:enterprise_message_service	tibco enterprise message service	eq	4.0.0
tibco:enterprise_message_service	tibco enterprise message service	eq	4.1.0
tibco:enterprise_message_service	tibco enterprise message service	eq	4.2.0
tibco:enterprise_message_service	tibco enterprise message service	eq	4.3.0
tibco:enterprise_message_service	tibco enterprise message service	eq	4.4.1
tibco:enterprise_message_service	tibco enterprise message service	eq	4.4.2
tibco:rtworks	tibco rtworks	eq	4.0.3
tibco:rtworks	tibco rtworks	eq	4.0.4
tibco:smartsockets	tibco smartsockets	eq	6.8.0

Rows per page:

1-10 of 131

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=785

secunia.com/advisories/34911

securitytracker.com/id?1022129

www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html

www.securityfocus.com/bid/34754

www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt

www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt

www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt

www.tibco.com/services/support/advisories/default.jsp

www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp

www.vupen.com/english/advisories/2009/1198

exchange.xforce.ibmcloud.com/vulnerabilities/50214

8.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.164 Low

EPSS

Percentile

96.0%

JSON

Related for CVE-2009-1291

prion1 cvelist1 securityvulns1 nvd1