TIBCO Administrator Unspecified Flaw Lets Remote Authenticated Users Gain Elevated Privileges

SecurityTracker Alert ID: 1023653
SecurityTracker URL: http://securitytracker.com/id/1023653
CVE Reference: CVE-2010-0683
Date: Feb 25 2010
Impact: User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5.4.0 - 5.6.0

Description:
A vulnerability was reported in TIBCO Administrator. A remote authenticated user can execute arbitrary commands on the target system with administrator privileges.
A remote authenticated user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.
This allows the remote authenticated user to access the TIBCO domain administrator credential, the database user ID and password used by TIBCO Administrator, and the optional LDAP user ID and password used by TIBCO Administrator.
Systems that use a JMS transport provided by TIBCO Enterprise Message Service as their domain transport are affected.

Impact:
A remote authenticated user can execute arbitrary commands on the target system with administrator privileges.

Solution:
The vendor has issued a fix (5.6.1).
The vendor's advisory is available at:
http://www.tibco.com/multimedia/security_advisory_administrator_tcm8-10685.txt

Vendor URL: www.tibco.com/multimedia/security_advisory_administrator_tcm8-10685.txt
Cause: Not specified
Underlying OS: UNIX (Any), Windows (Any)

Message History: None.

Source Message Contents

Date: Thu, 25 Feb 2010 05:20:37 +0000
Subject: TIBCO Administrator
http://www.tibco.com/multimedia/security_advisory_administrator_tcm8-10685.txt
CVE-2010-0683