PT-2011-2527 · Tibco · Tibco Rendezvous+4

Published: 2011-02-04 · Updated: 2017-08-17 · CVE-2011-0649

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

TIBCO Rendezvous versions 8.2.1 through 8.3.0
TIBCO Enterprise Message Service (EMS) versions 5.1.0 through 6.0.0
TIBCO Runtime Agent (TRA) versions 5.6.2 through 5.7.0
TIBCO Silver BPM Service versions prior to 1.0.4
TIBCO Silver CAP Service versions prior to 1.0.2
TIBCO Silver BusinessWorks Service version 1.0.0

Description

The issue allows local users to gain root privileges via unknown vectors related to SUID and certain daemons, including (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd), when running on Unix systems.

Recommendations

For TIBCO Rendezvous versions 8.2.1 through 8.3.0, consider disabling the rvrd, rvsd, and rvsrd daemons until a patch is available.
For TIBCO Enterprise Message Service (EMS) versions 5.1.0 through 6.0.0, restrict access to the tibemsd daemon to minimize the risk of exploitation.
For TIBCO Runtime Agent (TRA) versions 5.6.2 through 5.7.0, avoid using SUID-related functionality until the issue is resolved.
For TIBCO Silver BPM Service versions prior to 1.0.4, update to version 1.0.4 or later.
For TIBCO Silver CAP Service versions prior to 1.0.2, update to version 1.0.2 or later.
For TIBCO Silver BusinessWorks Service version 1.0.0, consider applying configuration changes to restrict SUID-related access until a patch is available.
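
To scope exposure on a Unix host, the following added example (not part of the advisory and not TIBCO tooling) lists copies of the four daemons named in the description that have the set-user-ID bit set. The install root passed as the argument is an assumption; supply the directory where the products are actually installed.

```shell
#!/bin/sh
# Added example: inventory set-user-ID copies of the daemons named in
# CVE-2011-0649 (rvrd, rvsd, rvsrd, tibemsd) under an install root.
# Assumption: the caller supplies the install root; no default path is implied.

# find_suid_daemons ROOT
# Prints the path of every regular file under ROOT that is named after one of
# the four daemons and has the setuid bit (mode 4000) set.
find_suid_daemons() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Unreadable subdirectories are skipped rather than treated as fatal.
    find "$root" -xdev -type f \
        \( -name rvrd -o -name rvsd -o -name rvsrd -o -name tibemsd \) \
        -perm -4000 -print 2>/dev/null || true
}

# audit ROOT
# Returns 0 when no setuid copy exists, 1 when at least one does (printing
# mode, numeric owner and path for each), 2 when ROOT is not a directory.
audit() {
    hits=$(find_suid_daemons "$1") || return 2
    if [ -z "$hits" ]; then
        echo "no setuid copies of rvrd/rvsd/rvsrd/tibemsd under $1"
        return 0
    fi
    printf '%s\n' "$hits" | while IFS= read -r f; do
        ls -ln "$f"    # numeric owner: uid 0 means the binary runs as root
    done
    return 1
}

# Run only when an install root is given on the command line.
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

A non-zero exit status from the script marks a host that still carries setuid copies of the affected daemons, which makes it usable as a check in a configuration-management run.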

Fix

Related identifiers

CVE-2011-0649

Affected products

Tibco Enterprise Message Service
Tibco Rendezvous
Tibco Runtime Agent
Tibco Silver Bpm Service
Tibco Silver Businessworks Service