-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0920
WebSphere MQ Security Vulnerability: potential denial of service attack on
                  multiplexed server connection channels
                             26 September 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM WebSphere MQ
Publisher:         IBM
Operating System:  Solaris
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-2199  

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg21610285

- --------------------------BEGIN INCLUDED TEXT--------------------

WebSphere MQ Security Vulnerability: potential denial of service attack on 
multiplexed server connection channels 

Flash (Alert)

Document information

WebSphere MQ

Security

Software version:
7.0.1, 7.1, 7.5

Operating system(s):
Solaris

Software edition:
All Editions

Reference #:
1610285

Modified date:
2012-09-20

Abstract

WebSphere MQ Security Vulnerability: A client application could cause an 
invalid address alignment exception in the server message channel agent on a 
Solaris queue manager, resulting in a denial of service.

Content

VULNERABILITY DETAILS

CVE ID: CVE-2012-2199

DESCRIPTION: 
A client application could cause an invalid address alignment exception in 
the server message channel agent on a Solaris queue manager, resulting in a 
denial of service.

CVSS: 
CVSS Base Score: 5 
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/76434 for the 
current score 
CVSS Environmental Score*: Undefined 
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) 

*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of 
this vulnerability in their environments by accessing the links in the 
Reference section of this Flash.

AFFECTED PLATFORMS:

    WebSphere MQ 7.0.1 server on Solaris (SPARC & x86-64)
    WebSphere MQ 7.1 server on Solaris (SPARC & x86-64)
    WebSphere MQ 7.5 server on Solaris (SPARC & x86-64)

REMEDIATION: 
The recommended solution is to apply the fix for each named 
product as soon as practical. Please see below for information on the fixes 
available.

FIX: 
For WebSphere MQ 7.0.1 on Solaris platforms, apply fix pack 7.0.1.9.
For WebSphere MQ 7.1 on Solaris platforms, apply APAR IC82725.
For WebSphere MQ 7.5 on Solaris platforms, apply APAR IC82725.

WORKAROUND: 
None known; apply fixes.

MITIGATION: 
None known

REFERENCES: 
Complete CVSS Guide (http://www.first.org/cvss/cvss-guide.html) 
On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)
X-Force Vulnerability Database (http://xforce.iss.net/xforce/xfdb/76434) 
CVE-2012-2199 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2199)

CHANGE HISTORY: 
20th September 2012: Original Copy Published

Note: According to the Forum of Incident Response and Security Teams (FIRST),
the Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY 
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT 
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Related information

X-Force Vulnerability CVE-2012-2199

Product Alias/Synonym

WMQ MQ

Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business 
Machines Corp., registered in many jurisdictions worldwide. Other product and
service names might be trademarks of IBM or other companies. A current list of
IBM trademarks is available on the Web at "Copyright and trademark 
information" at www.ibm.com/legal/copytrade.shtml.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----