客服电话
APP下载
迪恩网络APP
随时随地掌握行业动态
官方微信
扫描二维码
关注迪恩网络微信公众号
|
受影响系统: TIBCO Rendezvous < 8.1.0 TIBCO EMS < 4.4.3 TIBCO iProcess Engine 10.6.0 - 10.6.1 不受影响系统: TIBCO Rendezvous 8.1.0 TIBCO EMS 4.4.3 描述: -------------------------------------------------------------------------------- BUGTRAQ ID: 28717 CVE(CAN) ID: CVE-2008-1703,CVE-2008-1704 TIBCO企业消息服务(EMS)是基于标准的消息传送平台,Rendezvous是一套帮助用户快速构建和部署大规模分布式应用的中间件。 TIBCO EMS服务器(tibemsd)在处理某些入站消息时存在缓冲区溢出漏洞,可能导致执行任意指令、拒绝服务或泄露敏感信息。 Rendezvous的以下组件在处理入站消息时也存在缓冲区溢出漏洞,可能导致执行任意指令、拒绝服务或泄露敏感信息。 * TIBCO Rendezvous Daemon (rvd) * TIBCO Rendezvous Routing Daemon (rvrd) * TIBCO Rendezvous Secure Routing Daemon (rvsrd) * TIBCO Rendezvous Secure Daemon (rvsd) * TIBCO Rendezvous Cache (rvcache) * TIBCO Rendezvous Agent (rva) * TIBCO Rendezvous Relay Agent (rvrad) * TIBCO Rendezvous Performance Test Tool (rvperfm, rvperfs) * TIBCO Rendezvous client library (libtibrv) * TIBCO Rendezvous Server In-Process Module Add-on (libtibrvipm) * TIBCO Rendezvous Access Control List Daemon (rvacld) * TIBCO Rendezvous TX daemon (rvtxd) * TIBCO iProcess Engine Process Sentinal (procmgr, pmsulib) * TIBCO Substation ES RV Transformer (tibssxfr) * TIBCO File Adapter (z/OS) Publisher (sxf3rpub) * TIBCO File Adapter (z/OS) Subscriber (sxf3rsub) <*来源:TIBCO 链接:http://secunia.com/advisories/29775/ http://secunia.com/advisories/29774/ http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt http://www.tibco.com/resources/mk/ems_security_advisory_20080409.txt *> 建议: -------------------------------------------------------------------------------- 厂商补丁: TIBCO ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.tibco.com/software/messaging/rendezvous.jsp |
请发表评论