Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:2832
HistoryJan 17, 2008 - 12:00 a.m.

TIBCO SmartSockets指针偏移远程代码执行漏洞

2008-01-1700:00:00
Root
www.seebug.org
22

EPSS

0.046

Percentile

92.7%

JSON

BUGTRAQ ID: 27295
CVE(CAN) ID: CVE-2007-5657

TIBCO SmartSockets是用于通过独立通道传输消息的传送框架,RTserver是其中的服务器组件。

SmartSockets在处理请求时使用了来自请求的值作为添加到有效指针的偏移,然后在各种内存操作中用到了所生成的指针值。由于攻击者可以控制偏移值,因此可能触发可利用的情况,导致RTserver拒绝服务或以系统权限执行任意指令。

TIBCO SmartSockets 6.8
TIBCO

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://www.tibco.com/software/messaging/smartsockets/” target=“_blank”>http://www.tibco.com/software/messaging/smartsockets/</a>

Related

cvelist 1
prion 1
cve 1
securityvulns 2
nvd 1
cvelist
cvelist
CVE-2007-5657
2008-01-16 02:00:00
prion
prion
Buffer overflow
2008-01-16 03:00:00
cve
cve
CVE-2007-5657
2008-01-16 03:00:00
securityvulns
securityvulns
iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities
2008-01-16 00:00:00
TIBCO SmartSockets RTserver multiple security vulnerabilities
2008-01-16 00:00:00
nvd
nvd
CVE-2007-5657
2008-01-16 03:00:00

EPSS

0.046

Percentile

92.7%

JSON
Related for SSV:2832
cvelist1prion1cve1securityvulns2nvd1