Lucene search

IBMF87332D0896EDA88AFCFA54277DA993BC3028C0299D45B4572039D3339412C87

HistoryJun 15, 2018 - 7:07 a.m.

Security Bulletin: IBM MQ certain file URLs could cause a buffer overwrite (CVE-2017-9502)

2018-06-1507:07:43

www.ibm.com

0.002 Low

EPSS

Percentile

60.0%

JSON

Summary

A problem within the libcurl library means certain file URLs could cause a buffer overwrite within IBM MQ.

Vulnerability Details

CVEID: CVE-2017-9502**
DESCRIPTION:** libcurl is vulnerable to a heap-based buffer overflow, caused by a flaw in the file protocol. By sending a specially-crafted file URL, a local attacker could overflow a buffer and execute arbitrary code on the system with elevated privilege.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127254 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM MQ V9 LTS

IBM MQ V9 LTS Versions 9.0.0.0 - 9.0.0.1

IBM MQ V9 CD

IBM MQ V9 CD Versions 9.0.1 - 9.0.3

Remediation/Fixes

IBM MQ V9 LTS

Apply IBM MQ V9.0.0, Fix Pack 2

IBM MQ V9 CD

Upgrade to IBM MQ V9.0.4

Workarounds and Mitigations

None.

CPENameOperatorVersion
ibm mqeq9.0.4
ibm mqeq9.0.3
ibm mqeq9.0.2
ibm mqeq9.0.1
ibm mqeq9.0.0.2
ibm mqeq9.0.0.1
ibm mqeq9.0

Name	Operator	Version
ibm mq	eq	9.0.4
ibm mq	eq	9.0.3
ibm mq	eq	9.0.2
ibm mq	eq	9.0.1
ibm mq	eq	9.0.0.2
ibm mq	eq	9.0.0.1
ibm mq	eq	9.0

0.002 Low

EPSS

Percentile

60.0%

JSON

Related for F87332D0896EDA88AFCFA54277DA993BC3028C0299D45B4572039D3339412C87