Release date: 2011-11-16
Updated on: 2011-11-17
Affected Systems:
IBM WebSphere MQ 6.x
Unaffected system:
IBM WebSphere MQ 6.0.2.11
Description:
--------------------------------------------------------------------------------
Bugtraq id: 50693
IBM WebSphere MQ is used to provide message transmission services in enterprises.
IBM WebSphere MQ does not restrict access to some WebSphere MQ control commands. You can use the ENDMQCSV control command to stop the command server on the specified queue manager. To successfully exploit this vulnerability, you must set the default MQM group permissions on the system.
<* Source: IBM (ncsupp@ca.ibm.com)
Link: http://www-01.ibm.com/support/docview.wss? Uid = swg1IC78034
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.ers.ibm.com/