CVE-2007-5656 - Resource Management Errors vulnerability in Tibco products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 8 |
Common Weakness Enumeration (CWE)
Seebug
bulletinFamily | exploit |
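description | BUGTRAQ ID: 27293 CVE(CAN) ID: CVE-2007-5656 TIBCO SmartSockets is a delivery framework for transmitting messages over independent channels, and RTserver is its server component. TIBCO SmartSockets has a vulnerability in its handling of malformed data that a remote attacker may exploit to cause a denial of service or execute arbitrary instructions. When processing requests, SmartSockets uses values taken from the request to control the iteration counts of some loops, and various memory operations can be performed inside those loops. Because an attacker controls these values, exploitable conditions may be triggered, causing a denial of service in RTserver or execution of arbitrary instructions with system privileges. TIBCO SmartSockets 6.8 Vendor patch: TIBCO ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.tibco.com/software/messaging/smartsockets/ |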
id | SSV:2831 |
last seen | 2017-11-19 |
modified | 2008-01-17 |
published | 2008-01-17 |
reporter | Root |
title | SmartSockets RTServer Multiple Remote Untrusted Loop Bound Vulnerabilities |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=641
- http://secunia.com/advisories/28490
- http://securitytracker.com/id?1019193
- http://www.securityfocus.com/bid/27293
- http://www.tibco.com/mk/advisory.jsp
- http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt
- http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt
- http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt
- http://www.vupen.com/english/advisories/2008/0173
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39708