Rendezvous < 8.0.0 Crafted Packet Remote DoS
High Nessus Plugin ID 28376
SynopsisThe remote host contains an application that is prone to a denial of service attack.
DescriptionThe remote host appears to be running Rendezvous, a commercial messaging software product used for building distributed applications
According to its banner, Rendezvous' rvd daemon fails to properly validate input in incoming packets before using it to allocate memory. By sending a specially crafted packet with a length field of 0, an unauthenticated, remote attacker may be able to leak memory and eventually exhaust memory on the affected system.
SolutionUpgrade to TIBCO Rendezvous version 8.0 or later as that reportedly addresses the issue.