Rendezvous < 8.0.0 Crafted Packet Remote DoS

high Nessus Plugin ID 28376
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host contains an application that is prone to a denial of service attack.

Description

The remote host appears to be running Rendezvous, a commercial messaging software product used for building distributed applications

According to its banner, Rendezvous' rvd daemon fails to properly validate input in incoming packets before using it to allocate memory. By sending a specially crafted packet with a length field of 0, an unauthenticated, remote attacker may be able to leak memory and eventually exhaust memory on the affected system.

Solution

Upgrade to TIBCO Rendezvous version 8.0 or later as that reportedly addresses the issue.

See Also

http://www.nessus.org/u?ab43b01a

Plugin Details

Severity: High

ID: 28376

File Name: rendezvous_8_0_0.nasl

Version: 1.14

Type: remote

Published: 12/2/2007

Updated: 9/21/2020

Dependencies: http_version.nasl

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:tibco:rendezvous

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/31/2007

Reference Information

CVE: CVE-2007-4158

BID: 25132

CWE: 399