[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <5f4333a90710170911n19228d9cw3d7f0b43dfc41cdb@mail.gmail.com>
Date: Wed, 17 Oct 2007 11:11:12 -0500
From: phioust <phioust@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: IRM Vendor Alerts: Six critical remote
vulnerabilities in TIBCO SmartPGM FX
and how many use the product you found the vulnerability in?
On 10/17/07, Andy Davis <andy.davis@...plc.com> wrote:
>
> Yeah, you're right – no-one uses TIBCO products….
>
>
>
> http://www.tibco.com/customers/default.jsp
>
>
>
> Andy
>
>
> ------------------------------
>
> *From:* phioust [mailto:phioust@...il.com]
> *Sent:* 16 October 2007 19:06
> *To:* full-disclosure@...ts.grok.org.uk; Andy Davis
> *Subject:* Re: [Full-disclosure] IRM Vendor Alerts: Six critical remote
> vulnerabilities in TIBCO SmartPGM FX
>
>
>
> LOL
>
> Results *1* - *10* of about *464* for *"TIBCO SmartPGM FX"*. (*0.24*seconds)
>
> why does irm waste their research on shit that no one uses? Is irm going
> to be the next morning_wood?
>
> ps: thanks for your ollydbg tutorial at http://milw0rm.com/papers/178.
> There is not already 1000s of guides online explaining how to set
> breakpoints and find imports so thanks for this valuable information.
>
> On 10/16/07, *Andy Davis* <andy.davis@...plc.com> wrote:
>
> IRM have discovered six critical remote vulnerabilities in TIBCO SmartPGM
> FX. Five of these vulnerabilities could potentially result in an attacker
> gaining remote administrative control of the server on which SmartPGM FX is
> running and therefore, also allow access to any data stored on or being
> communicated by the server.
>
> The final vulnerability, a Denial of Service attack, would stop the
> SmartPGM FX service so that file transfers could not be performed.
>
> More information can be found at the following location:
>
> http://www.irmplc.com/index.php/111-Vendor-Alerts
>
> Once TIBCO has produced either workarounds or patches to mitigate these
> vulnerabilities, IRM will release advisories which will include full
> technical details.
>
>
>
> Andy Davis| Chief Research Officer
>
> Information Risk Management Plc
> 8th Floor | Kings Building | Smith Square | London SW1P 3JJ
> Tel: +44 (0) 1242 225 205
> Fax: +44 (0) 1242 225 215
> www.irmplc.com
>
> The information contained in this email is privileged and confidential and
> is intended only for the use of the addressee. Unauthorised disclosure,
> copying or distribution of the contents is strictly prohibited. Please reply
> immediately if you receive this email in error and then immediately delete
> it from your system.
>
> Where relevant, any quotation contained within this email is exclusive of
> VAT at the current rate and valid for 30 days from the date of this email.
> Information Risk Management Plc (IRM) does not authorise the creation of
> contracts on its behalf by email. All information contained within this
> email and its attachments are subject to IRM's standard terms and
> conditions, a copy of which is available upon request.
>
> All attachments have been scanned for viruses using regularly updated
> programs. IRM cannot accept liability for any damage you incur as a result
> of virus infection and we advise that you should carry out such virus and
> other checks as you consider appropriate.
> IRM is a company registered in England with company number 3612719. The
> above address is the official registered office of IRM.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists