Vulnerability CVE-2011-0649
Published: 2011-02-03   Modified: 2012-02-13

Description:
Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd).

Type:

CWE-noinfo

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Tibco -> Enterprise message service 
Tibco -> Rendezvous 
Tibco -> Runtime agent 
Tibco -> Silver bpm service 
Tibco -> Silver businessworks service 
Tibco -> Silver cap service 

 References:
http://xforce.iss.net/xforce/xfdb/65105
http://www.vupen.com/english/advisories/2011/0269
http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt
http://www.securityfocus.com/bid/46104
http://secunia.com/advisories/43174
http://secunia.com/advisories/43160
Copyright 2024, cxsecurity.com

 

Back to Top