
CERT Coordination Center

TIBCO Hawk Monitoring Agent vulnerable to buffer overflow via the configuration interface

Vulnerability Note VU#620516

Original Release Date: 2006-06-05 | Last Revised: 2006-06-05

Overview

A vulnerability in the TIBCO Hawk Monitoring Agent configuration interface may allow a local attacker to execute arbitrary code with elevated privileges.

Description

TIBCO Hawk is a tool for monitoring and managing distributed applications and systems throughout an enterprise. A buffer overflow vulnerability has been discovered in the configuration interface to the TIBCO Hawk Monitoring Agent. According to the vendor, the following products are affected:

    • TIBCO Hawk versions below 4.6.1
    • TIBCO Runtime Agent (TRA) versions below 5.4

The following components are affected:

    • TIBCO Hawk HMA (tibhawkhma)

Impact

A local attacker who is able to modify the configuration of the tibhawkhma program may be able to execute arbitrary code with administrative privileges. TIBCO states the following:
If the tibhawkhma program is installed as suid root on a Unix system, the successful exploit will allow arbitrary code execution with root privileges.

If the tibhawkhma program is installed as a system service on a Windows system, the successful exploit will allow arbitrary code execution with system service privileges.

Solution

Upgrade

TIBCO Software, Inc. has released an updated version of the affected software to address this vulnerability. Users are strongly encouraged to upgrade to TIBCO Hawk version 4.6.1 or later. More information can be found in the TIBCO Hawk Security Advisory FAQ for this issue.

Workarounds

TIBCO recommends that users who are not able to upgrade employ all of the following workarounds:

    • Set the permissions of the tibhawkhma configuration file such that only the system administrator may write to it.
    • Set the permissions of the tibhawkhma executable such that only the system administrator may launch the program.
    • On Unix systems, set the permissions of the tibhawkhma executable such that it is not setuid.
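As an added example, not part of this note or of TIBCO's own tooling, the following POSIX shell script audits the three workarounds above on a Unix host and applies them. The paths to the tibhawkhma executable and its configuration file are assumptions passed as arguments. The script only changes mode bits; in production run it as root so that the owner of both files is also root, since "system administrator" in the workarounds means the root user.

```shell
#!/bin/sh
# Added example (not from the CERT note or from TIBCO): audit and apply the
# three workarounds listed above on a Unix host. BIN and CONF are assumptions;
# point them at the real tibhawkhma executable and its configuration file.
# Only chmod is used, so run as root in production so that the owner of both
# files is also root (the "system administrator" the workarounds refer to).

# Ten-character mode string of a path, e.g. -rwsr-xr-x
mode_of() {
  ls -ld "$1" | cut -c1-10
}

# audit_tibhawkhma BIN CONF
# Prints one FINDING line per workaround that is not in place and returns the
# number of findings, so 0 means all three workarounds are applied.
audit_tibhawkhma() {
  bin="$1"; conf="$2"; findings=0
  if [ ! -e "$bin" ] || [ ! -e "$conf" ]; then
    echo "error: $bin or $conf does not exist" >&2
    return 1
  fi
  bmode=$(mode_of "$bin")
  cmode=$(mode_of "$conf")

  # Workaround 1: only the administrator may write the configuration file.
  # Characters 6 and 9 of the mode string are the group and other write bits.
  case "$cmode" in
    ?????w????|????????w?)
      echo "FINDING: $conf is writable by group or other ($cmode)"
      findings=$((findings + 1)) ;;
  esac

  # Workaround 2: only the administrator may launch the program, so the group
  # and other execute bits (characters 7 and 10) must be clear.
  case "$bmode" in
    ??????[xs]???|?????????[xt])
      echo "FINDING: $bin is executable by group or other ($bmode)"
      findings=$((findings + 1)) ;;
  esac

  # Workaround 3: the executable must not be setuid (character 4 is s or S).
  case "$bmode" in
    ???[sS]??????)
      echo "FINDING: $bin is setuid ($bmode)"
      findings=$((findings + 1)) ;;
  esac

  return "$findings"
}

# harden_tibhawkhma BIN CONF
# Applies the three workarounds with chmod (and chown when run as root).
harden_tibhawkhma() {
  bin="$1"; conf="$2"
  chmod u-s "$bin"      # workaround 3: drop the setuid bit
  chmod go-rwx "$bin"   # workaround 2: only the owner may launch it
  chmod go-w "$conf"    # workaround 1: only the owner may write it
  if [ "$(id -u)" -eq 0 ]; then
    chown root "$bin" "$conf"   # owner must be root for "administrator only" to hold
  fi
}

# Usage: sh hawk_workarounds.sh /path/to/tibhawkhma /path/to/tibhawkhma.cfg
if [ $# -eq 2 ]; then
  if audit_tibhawkhma "$1" "$2"; then
    echo "all three workarounds are in place"
  else
    echo "apply with: harden_tibhawkhma $1 $2 (as root)"
  fi
fi
```

The audit returns the number of findings so it can be used from a cron job or configuration-management check; a clean host returns 0. Dropping the setuid bit is what actually removes the privilege escalation, and the other two workarounds reduce who can reach the overflow in the first place.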

Acknowledgements

This vulnerability was reported by TIBCO Software, Inc.

This document was written by Chad R Dougherty.

Other Information

CVE IDs: None
Severity Metric: 20.04
Date Public: 2006-06-05
Date First Published: 2006-06-05
Date Last Updated: 2006-06-05 19:15 UTC
Document Revision: 14

Sponsored by CISA.