CVE-2006-2829

Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 3.1 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/20431	Vendor Advisory
http://securitytracker.com/id?1016223
http://www.kb.cert.org/vuls/id/620516	Patch US Government Resource
http://www.securityfocus.com/bid/18300
http://www.tibco.com/resources/mk/hawk_security_advisory.txt	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2006/2156
https://exchange.xforce.ibmcloud.com/vulnerabilities/26938

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tibco:hawk:4.6.0:::::::*
	cpe:2.3:a:tibco:hawk_monitoring_agent::::::::
	cpe:2.3:a:tibco:runtime_agent:5.3:::::::*

History

No history.

Information

Published : 2006-06-05 20:06

Updated : 2024-02-28 10:42

NVD link : CVE-2006-2829

Mitre link : CVE-2006-2829

CVE.ORG link : CVE-2006-2829

JSON object : View

Products Affected

tibco

hawk
hawk_monitoring_agent
runtime_agent

CWE

NVD-CWE-Other

{"id": "CVE-2006-2829", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-06-05T20:06:00.000", "references": [{"url": "http://secunia.com/advisories/20431", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016223", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/620516", "tags": ["Patch", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18300", "source": "cve@mitre.org"}, {"url": "http://www.tibco.com/resources/mk/hawk_security_advisory.txt", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2156", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26938", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma."}], "lastModified": "2017-07-20T01:31:48.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:hawk:4.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F540B195-58CD-4491-9D4F-9BCB87F696AC"}, {"criteria": "cpe:2.3:a:tibco:hawk_monitoring_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B63E05C-0726-4C19-A80E-A2CFDA8FA887"}, {"criteria": "cpe:2.3:a:tibco:runtime_agent:5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACF12C0E-8768-4A03-B56B-D635076B01C8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}