BUGTRAQ ID: 28717
CVE(CAN) ID: CVE-2008-1703,CVE-2008-1704
TIBCO企业消息服务(EMS)是基于标准的消息传送平台,Rendezvous是一套帮助用户快速构建和部署大规模分布式应用的中间件。
TIBCO EMS服务器(tibemsd)在处理某些入站消息时存在缓冲区溢出漏洞,可能导致执行任意指令、拒绝服务或泄露敏感信息。
Rendezvous的以下组件在处理入站消息时也存在缓冲区溢出漏洞,可能导致执行任意指令、拒绝服务或泄露敏感信息。
- TIBCO Rendezvous Daemon (rvd)
- TIBCO Rendezvous Routing Daemon (rvrd)
- TIBCO Rendezvous Secure Routing Daemon (rvsrd)
- TIBCO Rendezvous Secure Daemon (rvsd)
- TIBCO Rendezvous Cache (rvcache)
- TIBCO Rendezvous Agent (rva)
- TIBCO Rendezvous Relay Agent (rvrad)
- TIBCO Rendezvous Performance Test Tool (rvperfm, rvperfs)
- TIBCO Rendezvous client library (libtibrv)
- TIBCO Rendezvous Server In-Process Module Add-on (libtibrvipm)
- TIBCO Rendezvous Access Control List Daemon (rvacld)
- TIBCO Rendezvous TX daemon (rvtxd)
- TIBCO iProcess Engine Process Sentinal (procmgr, pmsulib)
- TIBCO Substation ES RV Transformer (tibssxfr)
- TIBCO File Adapter (z/OS) Publisher (sxf3rpub)
- TIBCO File Adapter (z/OS) Subscriber (sxf3rsub)
TIBCO Rendezvous < 8.1.0
TIBCO EMS < 4.4.3
TIBCO iProcess Engine 10.6.0 - 10.6.1
TIBCO
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://www.tibco.com/software/messaging/rendezvous.jsp” target=“_blank”>http://www.tibco.com/software/messaging/rendezvous.jsp</a>