What should be done to avoid the IRM security problem/bug reported for RV7.5.x releases on ttp://www.irmplc.com/index.php/160-Advisory-025?
Article ID: KB0090732
Updated On:
| Products | Versions |
|---|---|
| TIBCO Rendezvous | - |
| Not Applicable | - |
Description
Resolution:
As reported in the advisory, this problem has been addressed in RV 8.0 in CR# 1-84MR37 – “Fixed a daemon memory growth defect associated with messages of length zero”. The problem manifests only when bogus RV messages with size zero are repeatedly sent after connecting to a pre RV 8 daemon. RV daemon can potentially run out of memory if it continuously receives too many bogus RV messages with size zero. For a RVD to be attacked like this, first the attacker would need to have access to the daemon's TCP port. In most cases, this would mean potential attacker(s) were already inside the internal network. In a nutshell, for this problem to happen following two conditions needs to be true:
a. Attacker must be able to establish TCP connection to RVD.
b. Attacker must be able to maliciously inject corrupted message into the TCP stream.
TIBCO found this issue internally and till date none of our customers have reported this problem in their secure networks. Based on cumulative feedback from all our customers, we currently do not plan to back patch this defect in RV 7.5.x.
If the RV daemon client connections are remote (external customers); RVSD/RVSRD may be used to allow only secure connections to eliminate any possibilities of a malicious attack as described above.
As reported in the advisory, this problem has been addressed in RV 8.0 in CR# 1-84MR37 – “Fixed a daemon memory growth defect associated with messages of length zero”. The problem manifests only when bogus RV messages with size zero are repeatedly sent after connecting to a pre RV 8 daemon. RV daemon can potentially run out of memory if it continuously receives too many bogus RV messages with size zero. For a RVD to be attacked like this, first the attacker would need to have access to the daemon's TCP port. In most cases, this would mean potential attacker(s) were already inside the internal network. In a nutshell, for this problem to happen following two conditions needs to be true:
a. Attacker must be able to establish TCP connection to RVD.
b. Attacker must be able to maliciously inject corrupted message into the TCP stream.
TIBCO found this issue internally and till date none of our customers have reported this problem in their secure networks. Based on cumulative feedback from all our customers, we currently do not plan to back patch this defect in RV 7.5.x.
If the RV daemon client connections are remote (external customers); RVSD/RVSRD may be used to allow only secure connections to eliminate any possibilities of a malicious attack as described above.
Issue/Introduction
What should be done to avoid the IRM security problem/bug reported for RV7.5.x releases on ttp://www.irmplc.com/index.php/160-Advisory-025?
Feedback
Yes
No
Powered by
