IBM WebSphere MQ for HP NonStop Server Lets Local Users Perform Administrative Tasks
|
|
SecurityTracker Alert ID: 1019610 |
|
SecurityTracker URL: http://securitytracker.com/id/1019610
|
|
CVE Reference:
CVE-2008-1592
(Links to External Site)
|
Updated: Apr 1 2008
|
Original Entry Date: Mar 13 2008
|
Impact:
User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 5.1
|
Description:
A vulnerability was reported in IBM WebSphere MQ for HP NonStop Server. A local user can perform administrative tasks.
A local user that is not in the 'mqm' group can invoke the Pathway panels and 'runmqsc' to start and stop channels and perform other administrative tasks.
|
Impact:
A local user can bypass security controls and perform administrative tasks.
|
Solution:
The vendor has issued a fix (5.3).
The IBM advisory is available at:
http://www-1.ibm.com/support/docview.wss?uid=swg21297035
|
Vendor URL: www-1.ibm.com/support/docview.wss?uid=swg21297035 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 13 Mar 2008 10:23:22 -0500
Subject: IBM WebSphere MQ for HP NSS
|
http://www-1.ibm.com/support/docview.wss?uid=swg21297035
|
|
