Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2007-5658
Last Modified: 07 Mar 2011 10:01:05
Published: 15 Jan 2008 10:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-5658

Summary

Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.

Vulnerable Systems

Application

  • Tibco Enterprise Message Service 4.0.0

  • Tibco Enterprise Message Service 4.1.0

  • Tibco Enterprise Message Service 4.2.0

  • Tibco Enterprise Message Service 4.3.0

  • Tibco Enterprise Message Service 4.4.0

  • Tibco Enterprise Message Service 4.4.1

  • Tibco Rtworks 4.0.3

  • Tibco Smartsockets Rtserver 6.8.0


References

VUPEN - ADV-2008-0173

CONFIRM - http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt

CONFIRM - http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt

CONFIRM - http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt

CONFIRM - http://www.tibco.com/mk/advisory.jsp

BID - 27294

IDEFENSE - 20080115 TIBCO SmartSockets RTserver Heap Overflow Vulnerability

XF - tibco-rtserver-bo(39703)

SECTRACK - 1019193

SECUNIA - 28490


Last Updated: 27 May 2016 10:46:14