CVE-2009-1291

{"id": "CVE-2009-1291", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-04-30T20:30:00.377", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/34911", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1022129", "source": "cve@mitre.org"}, {"url": "http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/34754", "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/services/support/advisories/default.jsp", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/1198", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50214", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via \"inbound data,\" as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en TIBCO SmartSockets antes de v6.8.2, SmartSockets Product Family (alias RTworks) antes de v4.0.5, y Enterprise Message Service (EMS) v4.0.0 hasta v5.1.1, utilizado en SmartSockets Server y RTworks Server (alias RTserver), librerias del cliente SmartSockets y productos con el complemento, \r\nlibrerias y componentes RTworks, EMS Server (alias tibemsd), SmartMQ, iProcess Engine, productos ActiveMatrix, y CA Enterprise Communicator, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de \"inbound data,\" (datos de entrada), como lo demuestran las solicitudes de la interfaz UDP de el componente RTserver, y inyecci\u00f3n de datos en el flujo TCP a tibemsd."}], "lastModified": "2017-08-17T01:30:16.693", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:enterprise_message_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6217FE17-B839-43F5-BE35-F4A01C40DA22", "versionEndIncluding": "5.1.1"}, {"criteria": "cpe:2.3:a:tibco:enterprise_message_service:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A391F64-B618-4961-942C-109CE548FBB9"}, {"criteria": "cpe:2.3:a:tibco:enterprise_message_service:4.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3811EEE8-ED90-4272-BDC9-9FBB7E2ABC50"}, {"criteria": "cpe:2.3:a:tibco:enterprise_message_service:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72D4BFCE-FD9B-45D8-B23A-B928B86ED2B8"}, {"criteria": "cpe:2.3:a:tibco:enterprise_message_service:4.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8B14826-B53E-46DC-8AE9-85776867D341"}, {"criteria": "cpe:2.3:a:tibco:enterprise_message_service:4.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50598050-FAC6-42B6-98E5-D02DF85F1A07"}, {"criteria": "cpe:2.3:a:tibco:enterprise_message_service:4.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D47D8470-3A41-4A12-95B4-B77A97A2AF65"}, {"criteria": "cpe:2.3:a:tibco:rtworks:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E49B105-E110-4A0B-A93B-B93A956B9A06"}, {"criteria": "cpe:2.3:a:tibco:rtworks:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "087EFE3D-85C1-4479-B867-AD32A20693A9"}, {"criteria": "cpe:2.3:a:tibco:smartsockets:6.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1ABE58C-9AF7-4013-A117-D72FF5991F49"}, {"criteria": "cpe:2.3:a:tibco:smartsockets:6.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0823AC2-9E58-4669-9DC0-41A5A93B427B"}, {"criteria": "cpe:2.3:a:tibco:smartsockets_rtserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3B33DD3-A164-4C13-A961-1E66ACB87DDE", "versionEndIncluding": "6.8.1"}, {"criteria": "cpe:2.3:a:tibco:smartsockets_rtserver:6.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73DC7F67-3813-4659-9429-78B93C02385B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}