CVE-2011-0649 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2011-0649?

CVE-2011-0649 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-0649?

Check the references section above for vendor advisories and patch information. Affected products include: Tibco Rendezvous, Tibco Enterprise Message Service, Tibco Runtime Agent, Tibco Silver Bpm Service, Tibco Silver Cap Service.

Vulnerability Description

Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd).

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Tibco	Rendezvous	8.2.1
Tibco	Enterprise Message Service	5.1.0
Tibco	Runtime Agent	5.6.2
Tibco	Silver Bpm Service	<= 1.0.3
Tibco	Silver Cap Service	<= 1.0.1
Tibco	Silver Businessworks Service	1.0.0

References

http://secunia.com/advisories/43160Vendor Advisory
http://secunia.com/advisories/43174Vendor Advisory
http://www.securityfocus.com/bid/46104
http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txtVendor Advisory
http://www.vupen.com/english/advisories/2011/0269Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65105
http://secunia.com/advisories/43160Vendor Advisory
http://secunia.com/advisories/43174Vendor Advisory
http://www.securityfocus.com/bid/46104
http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txtVendor Advisory
http://www.vupen.com/english/advisories/2011/0269Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65105

FAQ

What is CVE-2011-0649?

CVE-2011-0649 is a vulnerability with a CVSS score of 7.2 (HIGH). Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1...

How severe is CVE-2011-0649?

CVE-2011-0649 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-0649?

Check the references section above for vendor advisories and patch information. Affected products include: Tibco Rendezvous, Tibco Enterprise Message Service, Tibco Runtime Agent, Tibco Silver Bpm Service, Tibco Silver Cap Service.