Security vulnerability advisory for TIBCO Runtime Agent
book
Article ID: KB0108177
calendar_today
Updated On:
Products
Versions
TIBCO Runtime Agent (TRA)
-
Not Applicable
-
Description
Description: TIBCO Runtime Agent vulnerability
Original release date: Jan 13, 2010 Last revised: -- Source: TIBCO Software Inc.
Systems Affected
TIBCO Runtime Agent (TRA) versions below 5.6.2
The following components are affected:
* TIBCO Domain Utility (domainutility and domainutilitycmd)
Description
TIBCO Runtime Agent components listed above create TIBCO domain properties files with weak permissions. This may expose TIBCO domain administrator credentials to untrusted parties.
TIBCO has released an update which addresses this issue. TIBCO strongly recommends sites running the affected components to install the update and take corrective action as described below.
Impact
An attacker local to any system participating in a TIBCO domain could access the credentials of the administrator of the TIBCO domain. With these credentials, the attacker can then execute arbitrary code on any system that is a participant in the TIBCO domain.
Solution
Change permissions on all existing TIBCO domain properties files to prevent access by untrusted users.
Upgrade TIBCO Runtime Agent to version 5.6.2 or above. If an upgrade is not possible at this time, explicitly set permissions on any newly created TIBCO domain properties files until such time as an upgrade can be done.
Product: TIBCO TRA
Version: All
OS:
--------------------
Resolution
TIBCO Runtime Agent vulnerability
Original release date: Jan 13, 2010 Last revised: -- Source: TIBCO Software Inc.
Systems Affected
TIBCO Runtime Agent (TRA) versions below 5.6.2
The following components are affected:
* TIBCO Domain Utility (domainutility and domainutilitycmd)
Description
TIBCO Runtime Agent components listed above create TIBCO domain properties files with weak permissions. This may expose TIBCO domain administrator credentials to untrusted parties.
TIBCO has released an update which addresses this issue. TIBCO strongly recommends sites running the affected components to install the update and take corrective action as described below.
Impact
An attacker local to any system participating in a TIBCO domain could access the credentials of the administrator of the TIBCO domain. With these credentials, the attacker can then execute arbitrary code on any system that is a participant in the TIBCO domain.
Solution
Change permissions on all existing TIBCO domain properties files to prevent access by untrusted users.
Upgrade TIBCO Runtime Agent to version 5.6.2 or above. If an upgrade is not possible at this time, explicitly set permissions on any newly created TIBCO domain properties files until such time as an upgrade can be done.