Vulnerability Note VU#999884
TIBCO Rendezvous daemon components contain a buffer overflow in the HTTP administrative interface
A vulnerability in the TIBCO Rendezvous daemon components may allow a remote attacker to execute arbitrary code on an affected system.
TIBCO Rendezvous is a distributed messaging software platform. A buffer overflow vulnerability has been discovered in the HTTP administrative interface of several TIBCO Rendezvous daemon components. According to the vendor, the following products are affected:
A remote attacker may be able to execute arbitrary code on an affected system. The impact of exploitation varies depending on the operating system of the affected system, configuration options of the daemon, and the privileges of the user that invokes the daemon. TIBCO states the following:
On Windows based systems, the successful exploit will allow arbitrary code execution with the privileges of the user that invoked that daemon. If the daemon component is installed as a system service, this will result in access to system privileges.
Systems Affected (Learn More)
No information available. If you are a vendor and your product is affected, let us know.
CVSS Metrics (Learn More)
This vulnerability was reported by TIBCO Software, Inc. TIBCO, in turn, credits Andrés Tarascó Acuña of the SIA Group for discovery of this vulnerability.
This document was written by Chad R Dougherty.
- CVE IDs: Unknown
- Date Public: 05 Jun 2006
- Date First Published: 05 Jun 2006
- Date Last Updated: 05 Jun 2006
- Severity Metric: 26.72
- Document Revision: 11
If you have feedback, comments, or additional information about this vulnerability, please send us email.