5 results (0.010 seconds)

CVSS: 10.0EPSS: 16%CPEs: 13EXPL: 0

Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound data," as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd. Desbordamiento de búfer basado en pila en TIBCO SmartSockets antes de v6.8.2, SmartSockets Product Family (alias RTworks) antes de v4.0.5, y Enterprise Message Service (EMS) v4.0.0 hasta v5.1.1, utilizado en SmartSockets Server y RTworks Server (alias RTserver), librerias del cliente SmartSockets y productos con el complemento, librerias y componentes RTworks, EMS Server (alias tibemsd), SmartMQ, iProcess Engine, productos ActiveMatrix, y CA Enterprise Communicator, permite a atacantes remotos ejecutar código arbitrario a través de "inbound data," (datos de entrada), como lo demuestran las solicitudes de la interfaz UDP de el componente RTserver, y inyección de datos en el flujo TCP a tibemsd. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785 http://secunia.com/advisories/34911 http://securitytracker.com/id?1022129 http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html http://www.securityfocus.com/bid/34754 http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt http://www.tibco • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 5%CPEs: 8EXPL: 0

Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow. Desbordamiento de búfer basado en pila en TIBCO SmartSockets RTserver 6.8.0 y anteriores, RTworks before 4.0.4, y Enterprise Message Service (EMS) 4.0.0 hasta el 4.4.1 permite a atacantes remotos ejecutar código de su elección a través de una respuesta manipulada que contiene valores de tamaño y longitud de copia que dispara el desbordamiento. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638 http://secunia.com/advisories/28490 http://securitytracker.com/id?1019193 http://www.securityfocus.com/bid/27294 http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt http://www.vupen.com/english/advisories/2008/0173 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 8%CPEs: 4EXPL: 0

TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers. TIBCO SmartSockets RTserver 6.8.0 y anteriores, RTworks anterior a 4.0.4, y Enterprise Message Service (EMS) 4.0.0 hasta la 4.4.1 permite a atacantes remotos ejecutar código de su elección a través de respuestas manipuladas que contienen valores que son utilizados como punteros. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639 http://secunia.com/advisories/28490 http://securitytracker.com/id?1019193 http://www.securityfocus.com/bid/27292 http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt http://www.vupen.com/english/advisories/2008/0173 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 6%CPEs: 8EXPL: 0

TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory. TIBCO SmartSockets RTserver 6.8.0 y anteriores, RTworks anterior a 4.0.4, y Enterprise Message Service (EMS) 4.0.0 hasta la 4.4.1 permite a atacantes remotos provocar denegación de servicio (caida) y posiblemente ejecutar código de su elección a través de respuestas manipuladas que controlan operaciones de bucle relacionados con la memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=641 http://secunia.com/advisories/28490 http://securitytracker.com/id?1019193 http://www.securityfocus.com/bid/27293 http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt http://www.vupen.com/english/advisories/2008/0173 • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 5%CPEs: 4EXPL: 0

TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets. TIBCO SmartSockets RTserver 6.8.0 y anteriores, RTworks anterior a 4.0.4, y Enterprise Message Service (EMS) 4.0.0 hasta el 4.4.1 permite a atacantes remotos ejecutar código de su elección a través de respuestas manipuladas que contienen valores que son utilizados como punteros de compensación. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640 http://secunia.com/advisories/28490 http://securitytracker.com/id?1019193 http://www.securityfocus.com/bid/27295 http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt http://www.vupen.com/english/advisories/2008/0173 • CWE-20: Improper Input Validation •