  • TIBCO Security Advisory: February 1, 2011 - TIBCO Rendezvous and Enterprise Message Service


    admin

    TIBCO Rendezvous and Enterprise Message Service vulnerabilities

    Original release date: February 1, 2011
    Last revised: --
    CVE-2011-0649
    Source: TIBCO Software Inc.




    Systems Affected

    TIBCO Rendezvous versions 8.2.1 through 8.3.0
    TIBCO Enterprise Message Service (EMS) versions 5.1.0 through 6.0.0
    TIBCO Runtime Agent (TRA) versions 5.6.2 through 5.7.0
    TIBCO Silver BPM Service versions below 1.0.4
    TIBCO Silver CAP Service versions below 1.0.2
    TIBCO Silver BusinessWorks Service version 1.0.0

    The following components are affected:

    * TIBCO Rendezvous Routing Daemon (rvrd)
    * TIBCO Rendezvous Secure Daemon (rvsd)
    * TIBCO Rendezvous Secure Routing Daemon (rvsrd)
    * TIBCO EMS Server (tibemsd)


    Overview

    TIBCO Rendezvous and EMS components listed above contain a SUID
    vulnerability which could potentially grant unauthorized root access
    to an attacker on Unix-based systems.


    I. Description

    TIBCO has released updates that address a critical vulnerability
    in server components of TIBCO Rendezvous and EMS. TIBCO strongly
    recommends that sites running the affected components install the
    update or take mitigating action as appropriate.


    II. Impact

    On Unix-based systems a successful attack will result in a privilege
    escalation to root, granting the attacker full administrative control
    of the host.


    III. Solution

    For each affected system, update to the corresponding software versions:

    TIBCO Rendezvous version 8.3.1 or higher
    TIBCO Enterprise Message Service 6.0.1 or higher
    TIBCO Runtime Agent (TRA) version 5.7.1 or higher
    TIBCO Silver BPM Service version 1.0.4 or higher
    TIBCO Silver CAP Service version 1.0.2 or higher
    TIBCO Silver BusinessWorks Service version 1.0.1 or higher

    This is strongly recommended.

    If an upgrade is not possible, the vulnerability can be completely
    mitigated by disabling SUID rights for all affected components.
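
    The mitigation above, as a shell sketch for Unix hosts. This is an added
    example, not TIBCO-supplied tooling: the function names and the /opt/tibco
    install root in the usage comment are assumptions; only the four daemon
    names come from this advisory.

```shell
#!/bin/sh
# Added example (not vendor code): audit and clear the setuid bit on the
# daemons this advisory lists. Only exact file names are matched; adjust
# AFFECTED_DAEMONS if your installation renames the binaries.

AFFECTED_DAEMONS="rvrd rvsd rvsrd tibemsd"

# list_suid_daemons ROOT
# Print every regular file under ROOT that is named like an affected
# daemon and still has the setuid bit (mode 4000) set.
list_suid_daemons() {
    root=$1
    for name in $AFFECTED_DAEMONS; do
        find "$root" -type f -name "$name" -perm -4000 -print 2>/dev/null
    done
}

# clear_suid_daemons ROOT [apply]
# Default is report-only. With "apply", run chmod u-s on each hit.
# Returns 0 when no setuid copy of an affected daemon remains under ROOT,
# 1 otherwise, so it can gate a compliance check.
clear_suid_daemons() {
    root=$1
    mode=${2:-report}
    list_suid_daemons "$root" | while IFS= read -r path; do
        if [ "$mode" = "apply" ]; then
            chmod u-s "$path" && echo "cleared: $path"
        else
            echo "setuid:  $path"
        fi
    done
    # Re-scan rather than trusting the loop: a failed chmod must show up.
    [ -z "$(list_suid_daemons "$root")" ]
}

# Usage (install root is an assumption, substitute your own):
#   clear_suid_daemons /opt/tibco          # report only
#   clear_suid_daemons /opt/tibco apply    # remove the setuid bit
```

    Run the report mode first and keep its output as a record of which
    binaries were changed.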


    References

    http://www.tibco.com/mk/advisory.jsp
    CVE: CVE-2011-0649

    The information on this page is being provided to you on an "AS IS" and "AS-AVAILABLE" basis. The issues described on this page may or may not impact your system(s). TIBCO makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT TIBCO SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. The information on this page is being provided to you under the terms of your license and/or services agreement with TIBCO, and may be used only for the purposes contemplated by the agreement. If you do not have such an agreement with TIBCO, this information is provided under the TIBCO.com Terms of Use, and may be used only for the purposes contemplated by such Terms of Use.


