漏洞类别:Local
漏洞等级: 
漏洞信息
IBM MQ is a message oriented middleware that allows independent and non-concurrent applications on a distributed system to communicate with each other.
IBM MQ is vulnerable to multiple vulnerabilities in glibc which can allow a remote attacker cause a buffer overflow, execute arbitrary code on the system, cause information disclosure or cause the application to crash.
Affected Version:
IBM MQ Appliance Versions 9.0.1 and 9.0.2
QID Detection Logic (authenticated):
The QID checks for the Registry Key "HKLM\SOFTWARE\IBM\MQSeries\CurrentVersion" value "VRMF" to see if the system is running a vulnerable version of IBM MQ or not.
漏洞危害
Successful exploitation of the vulnerabilities may allow denial of service, execution of arbitrary code or information disclosure.
解决方案
Please refer to IBM advisory swg22003816 for further information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论