Date: Wed, 17 Oct 2007 09:47:49 +0100
From: "Andy Davis" <andy.davis@...plc.com>
To: "phioust" <phioust@...il.com>,
	<full-disclosure@...ts.grok.org.uk>
Subject: Re: IRM Vendor Alerts: Six critical remote
	vulnerabilities in TIBCO SmartPGM FX

Yeah, you're right - no-one uses TIBCO products....

 

http://www.tibco.com/customers/default.jsp

 

Andy

 

________________________________

From: phioust [mailto:phioust@...il.com] 
Sent: 16 October 2007 19:06
To: full-disclosure@...ts.grok.org.uk; Andy Davis
Subject: Re: [Full-disclosure] IRM Vendor Alerts: Six critical remote
vulnerabilities in TIBCO SmartPGM FX

 

LOL

Results 1 - 10 of about 464 for "TIBCO SmartPGM FX". (0.24 seconds) 

why does irm waste their research on shit that no one uses? Is irm going
to be the next morning_wood?

ps: thanks for your ollydbg tutorial at http://milw0rm.com/papers/178.
There is not already 1000s of guides online explaining how to set
breakpoints and find imports so thanks for this valuable information.

On 10/16/07, Andy Davis <andy.davis@...plc.com> wrote:

IRM have discovered six critical remote vulnerabilities in TIBCO
SmartPGM FX. Five of these vulnerabilities could potentially result in
an attacker gaining remote administrative control of the server on which
SmartPGM FX is running and therefore, also allow access to any data
stored on or being communicated by the server.

The final vulnerability, a Denial of Service attack, would stop the
SmartPGM FX service so that file transfers could not be performed.

More information can be found at the following location:

http://www.irmplc.com/index.php/111-Vendor-Alerts 

Once TIBCO has produced either workarounds or patches to mitigate these
vulnerabilities, IRM will release advisories which will include full
technical details.



Andy Davis| Chief Research Officer

Information Risk Management Plc
8th Floor | Kings Building | Smith Square | London SW1P 3JJ
Tel: +44 (0) 1242 225 205
Fax: +44 (0) 1242 225 215 
www.irmplc.com


_______________________________________________ 
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 

