Tuesday, 28 April 2009

TIBCO SmartSockets Stack Buffer Overflow Vulnerability

iDefense have published an advisory for a critical remote pre-authentication code execution vulnerability (CVE-2009-1291) in the TIBCO SmartSockets framework which was discovered by Stephen Fewer of Harmony Security. The effected components are as follows:

  • TIBCO SmartSockets®
  • TIBCO SmartSockets® Product Family Modules (formerly RTworks)
  • TIBCO Enterprise Message Service™

You can read the full iDefense advisory here:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785

And the three TIBCO advisories here:
http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt
http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt
http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt

No comments: