Tibco middleware in zero-day security flap | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

Solution Brief: Reduce Energy Costs
With Green IT Solutions
Enforce Your Email and Web Acceptable Usage Policies
Not Just Words
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
Search Engine Link Spam
Risks, Threats, Solution
The Perfect (Virtual) Marriage
Deduplication and VMware
Eliminating the Security Risk of Sending Confidential Information by Email
Email Encryption

The Register » Security »

Tibco middleware in zero-day security flap

Multicasting migraine

By John Leyden → More by this author

Published Thursday 18th October 2007 13:44 GMT

Security researchers have identified multiple unpatched vulnerabilities in a widely-used content distribution package.

Tibco's SmartPGM FX multicasting software is prone to multiple remote vulnerabilities, including four stack-based buffer-overflow flaws, a format-string issue, and a potential denial of service bug.

Hackers might exploit these issues to execute arbitrary code or cause denial-of-service attacks, warns UK consultancy Information Risk Management (IRM).

IRM, which has a track record of discovering bugs in the software, is withholding details of the flaws pending the availability of patches from Tibco.

To date, there's no evidence that the bugs have being used in anger by hackers. Nonetheless, the discovery of the bugs illustrates a wider range of software packages than is commonly imagined can be subject to so-called zero-day vulnerabilities. ®

Email Encryption report: Eliminating the Security Risk of Sending Confidential Information by Email

2 comments posted — Comment period finished

Nothing to see, move on

Posted: 08:34 19th October 2007

interesting for sector players

Posted: 12:08 19th October 2007

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Researcher releases unofficial IE fix for URI bug (16 October 2007)
Tibco backs Ajax with message bus (3 August 2007)
The rise of zero-day patches (2 March 2007)
Tibco takes pop at SOA complexity (7 December 2006)
Unofficial zero-day patches gain corporate support (4 April 2006)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

Solution Brief: Reduce Energy Costs

Energy consumption has become a big issue. Dramatically increase server utilization and significantly reduce energy costs through Virtualization..

whitepaper title

Enforce Your Email and Web Acceptable Usage Policies

Unmanaged employee use of email and the web can subject any organization to costly risks. Learn how clearly written Email and Web Acceptable Usage Policies (AUPs) can protect your business.

Whitepapers	Jobs
Security Beyond Corporate Boundaries Traditional Security Systems will not Protect Against All Web-Borne Threats Ten Errors to Avoid When Commissioning a Data Center [WP149] The Different Types of Air Conditioning Equipment for IT Environments [WP59]	Perl/Java Developer Sr Perl Programmer, Linux Admin Perl/Financial Application Developers Remove non english characters small perl job Perl Developer at Online Media Company

Top 20 stories • All The Week’s Headlines • Archive • Search