CVE-2009-1291 Information

Description

Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2 SmartSockets Product Family (aka RTworks) before 4.0.5 and Enterprise Message Service (EMS) 4.0.0 through 5.1.1 as used in SmartSockets Server and RTworks Server (aka RTserver) SmartSockets client libraries and add-on products RTworks libraries and components EMS Server (aka tibemsd) SmartMQ iProcess Engine ActiveMatrix products and CA Enterprise Communicator allows remote attackers to execute arbitrary code via \inbound data\ as demonstrated by requests to the UDP interface of the RTserver component and data injection into the TCP stream to tibemsd.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785 http://secunia.com/advisories/34911 http://securitytracker.com/id?1022129 http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html http://www.securityfocus.com/bid/34754 http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt http://www.tibco.com/services/support/advisories/default.jsp http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp http://www.vupen.com/english/advisories/2009/1198 https://exchange.xforce.ibmcloud.com/vulnerabilities/50214