If you use an invalid channel name when you query the saved channel status of an AMQP channel, the IBM MQ queue manager command server terminates. No further commands can be issued on that queue manager.
CVE(s): CVE-2017-1236
Affected product(s) and affected version(s):
IBM MQ 9.0.2 CD
IBM MQ Appliance 9.0.x Continuous Delivery
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2tLVXha
X-Force Database: http://ift.tt/2uJXiCs
The post IBM Security Bulletin: Incorrect saved channel status enquiry could cause denial of service for IBM MQ (CVE-2017-1236) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2tLXhB0
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.