Tibco middleware in zero-day security flap | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

The Perfect (Virtual) Marriage
Deduplication and VMware
SSL in High-Security Browsers
The Browser Security Revolution
Gartner Paper: US Data Centers
The Calm Before the Storm
What Every E-Business Should Know about SSL Security and Consumer Trust
A Verisign Business Guide
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
How IT Management Can "Green" the Data Center
A Gartner Report

The Register » Security »

Tibco middleware in zero-day security flap

Multicasting migraine

By John Leyden → More by this author

Published Thursday 18th October 2007 13:44 GMT

How IT Management Can "Green" the Data Center - Free Download

Security researchers have identified multiple unpatched vulnerabilities in a widely-used content distribution package.

Tibco's SmartPGM FX multicasting software is prone to multiple remote vulnerabilities, including four stack-based buffer-overflow flaws, a format-string issue, and a potential denial of service bug.

Hackers might exploit these issues to execute arbitrary code or cause denial-of-service attacks, warns UK consultancy Information Risk Management (IRM).

IRM, which has a track record of discovering bugs in the software, is withholding details of the flaws pending the availability of patches from Tibco.

To date, there's no evidence that the bugs have being used in anger by hackers. Nonetheless, the discovery of the bugs illustrates a wider range of software packages than is commonly imagined can be subject to so-called zero-day vulnerabilities. ®

Save money taking your comms online - Free live event - Register now

2 comments posted — Comment period finished

Nothing to see, move on

Posted: 08:34 19th October 2007

interesting for sector players

Posted: 12:08 19th October 2007

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Researcher releases unofficial IE fix for URI bug (16 October 2007)
Tibco backs Ajax with message bus (3 August 2007)
The rise of zero-day patches (2 March 2007)
Tibco takes pop at SOA complexity (7 December 2006)
Unofficial zero-day patches gain corporate support (4 April 2006)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

The Perfect (Virtual) Marriage

Get consistent virtual machine storage savings of 50% (often as high as 90%) with virtually no performance impact with NetApp deduplication..

whitepaper title

Gartner Paper: US Data Centers

U.S. enterprise data centers face considerable space and energy constraints over the next few years. Download this free independent report to read more..

Whitepapers
The Ideal Environment for a Blade Infrastructure Combating the increasing cost of email Java and J2EE performance Redefining FOTA deployment in EMEA

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search