Security advisory for TIBCO Rendezvous®, TIBCO Messaging Appliance™, and TIBCO Substation ES™


Article ID: KB0108201


Products Versions
TIBCO Rendezvous -
TIBCO Substation ES -
TIBCO Messaging Appliance P-7500 -

Description

TIBCO Rendezvous vulnerability

   Original release date: August 25, 2015
   Last revised: --
   Source: TIBCO Software Inc.


Systems Affected

   TIBCO Rendezvous 8.4.3 and below (all distributions)
   TIBCO Rendezvous Network Server 1.1.0 and below
   TIBCO Substation ES 2.8.1 and below
   TIBCO Messaging Appliance 8.7.1 and below

   The following components are affected:

     * TIBCO Rendezvous Daemon (rvd)
     * TIBCO Rendezvous Routing Daemon (rvrd)
     * TIBCO Rendezvous Secure Daemon (rvsd)
     * TIBCO Rendezvous Secure Routing Daemon (rvsrd)
     * TIBCO Rendezvous Gateway Daemon (rvgd)
     * TIBCO Rendezvous Daemon Adapter (rvda)
     * TIBCO Rendezvous Cache (rvcache)
     * TIBCO Rendezvous Agent (rva)
     * TIBCO Rendezvous Relay Agent (rvrad)
 

Description

   The TIBCO Rendezvous daemon components listed above contain a buffer
   overflow vulnerability in the HTTP administrative interface.


Impact

   The impact of this vulnerability includes denial of service and the
   theoretical possibility of remote execution of arbitrary code. 

   CVSS v2 Base Score: 4.3 (AV:A/AC:H/Au:N/C:P/I:P/A:P)


Solution

   TIBCO has released updated versions of the affected components which
   address these issues. TIBCO strongly recommends that sites running the
   affected components install the applicable update as described below.

   For each affected system, update to the corresponding software versions:

   TIBCO Rendezvous 8.4.4 or higher
   TIBCO Rendezvous Network Server 1.1.1 or higher
   TIBCO Substation ES 2.9.0 or higher
   TIBCO Messaging Appliance 8.7.2 or higher


References

   http://www.tibco.com/mk/advisory.jsp
   CVE: CVE-2015-4555

Environment

All supported platforms of:

   TIBCO Rendezvous 8.4.3 and below
   TIBCO Rendezvous Network Server 1.1.0 and below
   TIBCO Substation ES 2.8.1 and below
   TIBCO Messaging Appliance 8.7.1 and below

The following products include TIBCO Rendezvous®:

     * TIBCO ActiveMatrix® Adapter for Amdocs CRM
     * TIBCO ActiveMatrix® Adapter for Database
     * TIBCO ActiveMatrix® Adapter for Files for Unix/Win
     * TIBCO ActiveMatrix® Adapter for Files for zLinux
     * TIBCO ActiveMatrix® Adapter for JD Edwards EnterpriseOne
     * TIBCO ActiveMatrix® Adapter for Kenan/BP
     * TIBCO ActiveMatrix® Adapter for LDAP for zLinux
     * TIBCO ActiveMatrix® Adapter for Lotus Notes
     * TIBCO ActiveMatrix® Adapter for Oracle BRM
     * TIBCO ActiveMatrix® Adapter for OSIsoft PI
     * TIBCO ActiveMatrix Adapter for PeopleSoft
     * TIBCO ActiveMatrix® Adapter for SAP
     * TIBCO ActiveMatrix® Adapter for Siebel
     * TIBCO ActiveMatrix® Adapter for Tuxedo
     * TIBCO ActiveMatrix BusinessWorks™
     * TIBCO ActiveMatrix BusinessWorks™ for z/Linux
     * TIBCO ActiveSpaces® Enterprise Edition
     * TIBCO® Adapter for COM
     * TIBCO® Adapter for CORBA
     * TIBCO® Adapter for EJB
     * TIBCO® Adapter for Remedy
     * TIBCO® Adapter for Teradata
     * TIBCO® Adapter SDK
     * TIBCO® API Exchange
     * TIBCO® API Exchange Gateway
     * TIBCO BusinessConnect™
     * TIBCO BusinessWorks™ Workflow
     * TIBCO FTL Rendezvous® Network Server
     * TIBCO® Fulfillment Order Management
     * TIBCO Hawk®
     * TIBCO InConcert®
     * TIBCO iProcess® Engine
     * TIBCO RFID Interchange™

Silver Fabric distributions that include TIBCO Rendezvous include:

     * TIBCO ActiveMatrix BusinessWorks™ Distribution for TIBCO Silver® Fabric
     * TIBCO ActiveMatrix BusinessWorks™ Service Engine Distribution for TIBCO Silver® Fabric
     * TIBCO ActiveMatrix® Service Grid Distribution for TIBCO Silver® Fabric
     * TIBCO® Adapter for Database Distribution for TIBCO Silver® Fabric
     * TIBCO® Adapter for Files (Unix/Win) Distribution for TIBCO Silver® Fabric
     * TIBCO® Adapter for LDAP Distribution for TIBCO Silver® Fabric
     * TIBCO® Adapter for SAP Distribution for TIBCO Silver® Fabric
     * TIBCO Administrator™ - Enterprise Edition Distribution for TIBCO Silver® Fabric
     * TIBCO® API Exchange Gateway Distribution for TIBCO Silver® Fabric
     * TIBCO BusinessConnect™ Distribution for TIBCO Silver® Fabric
     * TIBCO BusinessEvents® Distribution for TIBCO Silver® Fabric

Issue/Introduction

Security advisory for TIBCO Rendezvous®, TIBCO Messaging Appliance™, and TIBCO Substation ES™

Additional Information

Security Advisories for TIBCO Products

https://nvd.nist.gov
CVE: CVE-2015-4555