IBM Security Bulletin: IBM MQ could allow an authenticated user to insert messages with malformed data into the channel which would cause it to restart. (CVE-2017-1433)

Malformed header data in an MQ message could trigger a server-connection channel process to terminate, which might deny service to other connected clients using the same channel process.

CVE(s): CVE-2017-1433

Affected product(s) and affected version(s):

IBM MQ V7.5

• Maintenance levels 7.5.0.0 – 7.5.0.8

IBM MQ V8.0

• Maintenance levels 8.0.0.0 – 8.0.0.7

IBM MQ V9 LTS

• Maintenance levels 9.0.0.0 – 9.0.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2iVSauK
X-Force Database: http://ift.tt/2AXQqby

The post IBM Security Bulletin: IBM MQ could allow an authenticated user to insert messages with malformed data into the channel which would cause it to restart. (CVE-2017-1433) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2iWs8aR