Vulnerability Note VU#620516

TIBCO Hawk Monitoring Agent vulnerable to buffer overflow via the configuration interface

Overview

A vulnerability in the TIBCO Hawk Monitoring Agent configuration interface may allow a local attacker to execute arbitrary code with elevated privileges.

I. Description

TIBCO Hawk is a tool for monitoring and managing distributed applications and systems throughout an enterprise. A buffer overflow vulnerability has been discovered in the configuration interface to the TIBCO Hawk Monitoring Agent. According to the vendor, the following products are affected:
  • TIBCO Hawk versions below 4.6.1
  • TIBCO Runtime Agent (TRA) versions below 5.4

The following components are affected:
  • TIBCO Hawk HMA (tibhawkhma)

II. Impact

A local attacker who is able to modify the configuration of the tibhawkhma program may be able to execute arbitrary code with administrative privileges. TIBCO states the following:

    If the tibhawkhma program is installed as suid root on a Unix system, the successful exploit will allow arbitrary code execution with root privileges.

    If the tibhawkhma program is installed as a system service on a Windows system, the successful exploit will allow arbitrary code execution with system service privileges.

III. Solution

Upgrade

TIBCO Software, Inc. has released an updated version of the affected software to address this vulnerability. Users are strongly encouraged to upgrade to TIBCO Hawk version 4.6.1 or later. More information can be found in the TIBCO Hawk Security Advisory FAQ for this issue.

Workarounds

TIBCO recommends that users who are not able to upgrade employ all of the following workarounds:

  • Set the permissions of the tibhawkhma configuration file such that only the system administrator may write to it (the configuration file is the input an attacker must control to trigger the overflow).
  • Set the permissions of the tibhawkhma executable such that only the system administrator may launch the program.
  • On Unix systems, set the permissions of the tibhawkhma executable such that it is not setuid, so that even a successful overflow does not run as root.
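The three workarounds above, as an audit-and-apply script for a Unix host. This is an added example and is not code from the US-CERT note or from TIBCO's advisory. The advisory gives no install paths, so the configuration file and executable are passed in by the caller; the administrator account (ADMIN_USER, root by default), the file names used in the usage line, and the helper function names are assumptions. Only POSIX find(1), chmod(1) and chown(1) are used, so it runs unchanged on Linux, BSD and Solaris.

```shell
#!/bin/sh
# Added example for VU#620516 (not US-CERT or TIBCO code): audit and enforce the
# three advisory workarounds for tibhawkhma on a Unix host.
# Assumptions: ADMIN_USER is the "system administrator" account (root unless
# overridden); CONFIG and EXE paths are supplied by the caller.

ADMIN_USER=${ADMIN_USER:-root}

# Run one find(1) test against a single path; prints the path when the test holds.
# -prune stops find from descending if the path is unexpectedly a directory.
_ftest() {
    find "$1" -prune "$2" "$3" 2>/dev/null
}

# is_setuid FILE: exit 0 when the setuid bit is set (workaround 3 violated)
is_setuid() {
    [ -n "$(_ftest "$1" -perm -4000)" ]
}

# admin_owned FILE: exit 0 when ADMIN_USER owns the file
admin_owned() {
    [ -n "$(_ftest "$1" -user "$ADMIN_USER")" ]
}

# writable_by_non_admin FILE: exit 0 when group or other may write, or when the
# owner is not the administrator (whoever owns the file controls its contents)
writable_by_non_admin() {
    [ -n "$(_ftest "$1" -perm -020)" ] && return 0
    [ -n "$(_ftest "$1" -perm -002)" ] && return 0
    admin_owned "$1" || return 0
    return 1
}

# launchable_by_non_admin FILE: exit 0 when group or other has execute permission
launchable_by_non_admin() {
    [ -n "$(_ftest "$1" -perm -010)" ] && return 0
    [ -n "$(_ftest "$1" -perm -001)" ] && return 0
    return 1
}

# audit_workarounds CONFIG EXE: exit 0 only when all three workarounds hold;
# otherwise print each missing one and exit 1
audit_workarounds() {
    cfg=$1
    exe=$2
    rc=0
    if writable_by_non_admin "$cfg"; then
        echo "FAIL: $cfg can be modified by a non-administrator"
        rc=1
    fi
    if launchable_by_non_admin "$exe"; then
        echo "FAIL: $exe can be launched by a non-administrator"
        rc=1
    fi
    if is_setuid "$exe"; then
        echo "FAIL: $exe is setuid; an overflow would run with the owner's privileges"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: all VU#620516 workarounds are in place"
    return "$rc"
}

# apply_workarounds CONFIG EXE: enforce the three workarounds. The chown needs
# root; if it fails the permission changes are still applied.
apply_workarounds() {
    chown "$ADMIN_USER" "$1" "$2" || echo "warning: could not chown to $ADMIN_USER (run as root)"
    chmod go-w "$1"     # 1. only the administrator may write the configuration file
    chmod go-wx "$2"    # 2. only the administrator may launch (or replace) the agent
    chmod u-s "$2"      # 3. the agent must not be setuid
}

# Usage (assumed file names): sh hawk_workarounds.sh audit|apply CONFIG EXE
case "${1:-}" in
    audit) audit_workarounds "$2" "$3" ;;
    apply) apply_workarounds "$2" "$3" && audit_workarounds "$2" "$3" ;;
esac
```

Run `audit` from a cron job or configuration-management check to catch the setuid bit or the loose configuration permissions coming back after a reinstall; run `apply` as root once. The Windows case from the advisory (tibhawkhma as a system service) is not covered here; there the equivalent is restricting the ACL on the configuration file and service binary to Administrators.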

Systems Affected

No Information Available

References

http://www.tibco.com/mk/hawk_advisory.jsp
http://www.tibco.com/resources/mk/hawk_security_advisory.txt

Credit

This vulnerability was reported by TIBCO Software, Inc.

This document was written by Chad R Dougherty.

Other Information

Date Public: 06/05/2006
Date First Published: 06/05/2006 03:03:38 PM
Date Last Updated: 06/05/2006
CERT Advisory: (none listed)
CVE-ID(s): (none listed)
NVD-ID(s): (none listed)
US-CERT Technical Alerts: (none listed)
Metric: 20.04
Document Revision: 12

Produced 2006 by US-CERT, a government organization