IBM MQ including MQ Explorer installed on Linux x86-64 environment. After the completion of installation, all directories under opt/mqm/mqexplorer/eclipse are created with owner “555” (non-existant user) and group mqm. This vulnerability allows a local user to alter the contents of the opt/mqm/mqexplorer/eclipse directory and make the product unusuable.
CVE(s): CVE-2016-6089
Affected product(s) and affected version(s):
IBM MQ v9.0.0.0
IBM MQ v9.0.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2smebBZ
X-Force Database: http://ift.tt/2ro8NRG
The post IBM Security Bulletin: MQ Explorer directory created with owner ‘555’ on Linux x86-64 vulnerability affects IBM MQ (CVE-2016-6089) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2smzaF3
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.