Rendezvous < 7.5.1 HTTP Admin Interface Remote Overflow

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote server is prone to a buffer overflow attack.

Description :

The remote host appears to be running Rendezvous, a commercial
messaging software product used for building distributed applications.

According to its banner, several of the components in the version of
Rendezvous installed on the remote host contain a buffer overflow
vulnerability in the HTTP administrative interface. It may allow
arbitrary code execution with the privileges of the user who invoked
the daemon, or of 'nobody' if the remote system is Unix and the
invoking user was 'root'.

See also :

http://www.tibco.com/services/support/advisories/rendezvous_advisory.jsp

Solution :

Upgrade to Rendezvous 7.5.1 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.8
(CVSS2#E:F/RL:W/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 21677

Bugtraq ID: 18301

CVE ID: CVE-2006-2830