• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

TIBCO Multiple Products Buffer Overflow Vulnerabilities

TIBCO products are prone to multiple buffer-overflow vulnerabilities because the applications fail to perform adequate boundary checks on user-supplied data.

Attackers can exploit these issues to execute arbitrary code in the context of the affected applications. Failed exploit attempts will likely result in denial-of-service conditions.

The following components are affected:

TIBCO EMS Server (tibemsd)
TIBCO Rendezvous Daemon (rvd)
TIBCO Rendezvous Routing Daemon (rvrd)
TIBCO Rendezvous Secure Routing Daemon (rvsrd)
TIBCO Rendezvous Secure Daemon (rvsd)
TIBCO Rendezvous Cache (rvcache)
TIBCO Rendezvous Agent (rva)
TIBCO Rendezvous Relay Agent (rvrad)
TIBCO Rendezvous Performance Test Tool (rvperfm, rvperfs)
TIBCO Rendezvous client library (libtibrv)
TIBCO Rendezvous Server In-Process Module Add-on (libtibrvipm)
TIBCO Rendezvous Access Control List Daemon (rvacld)
TIBCO Rendezvous TX daemon (rvtxd)
TIBCO iProcess Engine Process Sentinal (procmgr, pmsulib)
TIBCO Substation ES RV Transformer (tibssxfr)
TIBCO File Adapter (z/OS) Publisher (sxf3rpub)
TIBCO File Adapter (z/OS) Subscriber (sxf3rsub)