All things related to multicast

[Eli Dart <>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[re-posted from Bugtraq]

Heads up folks - not sure what this might look like on the wire, but I
could easily see announcements like this contributing to a rise in
attacks on multicast appliances.

                --eli


- -------- Original Message --------
Subject: PGMfuzz - a tool for testing Pragmatic General Multicast
protocol implementations
Date: Tue, 11 Dec 2007 17:42:06 -0000
From: IRM Research 
<>
To: 
<>,
<>

PGM is a reliable multicast transport protocol developed by a group of
vendors including Cisco and TIBCO and described in RFC3208. The
protocol is used in various messaging and middleware products,
including TIBCO's Rendezvous, SmartPGM FX.

IRM have discovered a range of PGM related vulnerabilities in TIBCO
products
(http://www.irmplc.com/index.php/111-Vendor-Alerts---0days#TIBCO) and
as part of the research developed a tool, PGMfuzz for identifying
vulnerabilities in PGM option parsing implementations.

The tool can be downloaded here:

http://www.irmplc.com/index.php/158-Messaging-Systems-Security


- --
Eli Dart                                         Office: (510) 486-5629
ESnet Network Engineering Group                  Fax:    (510) 486-6712
Lawrence Berkeley National Laboratory
PGP Key fingerprint = C970 F8D3 CFDD 8FFF 5486 343A 2D31 4478 5F82 B2B3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)

iD8DBQFHXvLYLTFEeF+CsrMRArAcAJ9sqQzBihCCD2jC6t9upAHAPbrpDwCfdSCP
v8KdjbdS/P5/Yp0rF0ADAFA=
=v+MZ
-----END PGP SIGNATURE-----