Overview

This security update is covered by CVE-2016-9176 - Rumba 9.4 stack buffer overflow in the send.exe and receive.exe components.

Affected Products

Micro Focus Rumba 9.4

Description

This security update addresses potential issues caused by local stack overflows in Micro Focus Rumba 9.4 send.exe and receive.exe executables which could allow a local attacker to inject arguments into these binaries to execute code. Please note the attack could only be performed if the attacker already had access to the file system on the target machine.

Fixed in

Rumba 9.4 hotfix 15282 has been released to address this issue.

Thanks

We would like to give special thanks to Umit Aksu who discovered this vulnerability and reported it to us.