Full Disclosure mailing list archives
Re: IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX
From: "Andy Davis" <andy.davis () irmplc com>
Date: Wed, 17 Oct 2007 09:47:49 +0100
Yeah, you're right - no-one uses TIBCO products.... http://www.tibco.com/customers/default.jsp Andy ________________________________ From: phioust [mailto:phioust () gmail com] Sent: 16 October 2007 19:06 To: full-disclosure () lists grok org uk; Andy Davis Subject: Re: [Full-disclosure] IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX LOL Results 1 - 10 of about 464 for "TIBCO SmartPGM FX". (0.24 seconds) why does irm waste their research on shit that no one uses? Is irm going to be the next morning_wood? ps: thanks for your ollydbg tutorial at http://milw0rm.com/papers/178. There is not already 1000s of guides online explaining how to set breakpoints and find imports so thanks for this valuable information. On 10/16/07, Andy Davis <andy.davis () irmplc com> wrote: IRM have discovered six critical remote vulnerabilities in TIBCO SmartPGM FX. Five of these vulnerabilities could potentially result in an attacker gaining remote administrative control of the server on which SmartPGM FX is running and therefore, also allow access to any data stored on or being communicated by the server. The final vulnerability, a Denial of Service attack, would stop the SmartPGM FX service so that file transfers could not be performed. More information can be found at the following location: http://www.irmplc.com/index.php/111-Vendor-Alerts Once TIBCO has produced either workarounds or patches to mitigate these vulnerabilities, IRM will release advisories which will include full technical details. Andy Davis| Chief Research Officer Information Risk Management Plc 8th Floor | Kings Building | Smith Square | London SW1P 3JJ Tel: +44 (0) 1242 225 205 Fax: +44 (0) 1242 225 215 www.irmplc.com The information contained in this email is privileged and confidential and is intended only for the use of the addressee. Unauthorised disclosure, copying or distribution of the contents is strictly prohibited. Please reply immediately if you receive this email in error and then immediately delete it from your system. Where relevant, any quotation contained within this email is exclusive of VAT at the current rate and valid for 30 days from the date of this email. Information Risk Management Plc (IRM) does not authorise the creation of contracts on its behalf by email. All information contained within this email and its attachments are subject to IRM's standard terms and conditions, a copy of which is available upon request. All attachments have been scanned for viruses using regularly updated programs. IRM cannot accept liability for any damage you incur as a result of virus infection and we advise that you should carry out such virus and other checks as you consider appropriate. IRM is a company registered in England with company number 3612719. The above address is the official registered office of IRM. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX Andy Davis (Oct 16)
- Re: IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX phioust (Oct 16)
- Re: IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX Andy Davis (Oct 17)
- <Possible follow-ups>
- Re: IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX nigger johnson (Oct 17)
- Re: IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX phioust (Oct 16)