Lucene search

IBM77BE69681E9571D12410CFE01D3224D67F7783E006EADFCC4DB48BB449E558C3

HistoryApr 29, 2019 - 5:40 p.m.

Security Bulletin: IBM MQ can allow an attacker to execute a privilege escalation attack on a local machine. (CVE-2018-1792)

2019-04-2917:40:01

www.ibm.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

Summary

A problem within IBM MQ queue manager libraries could allow an attacker who has mqm login access to a server to use IBM MQ to escalate their privileges on that system and gain access to the root user.

Vulnerability Details

CVEID: CVE-2018-1792 DESCRIPTION: IBM MQ could allow a local user to inject code that could be executed with root privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148947> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

IBM MQ V8

IBM MQ V8 versions 8.0.0.0 - 8.0.0.10

IBM MQ V9 LTS

IBM MQ V9 LTS versions 9.0.0.0 - 9.0.0.5

IBM MQ V9 CD

IBM MQ V9 CD versions 9.0.1 - 9.0.5

IBM MQ V9.1 LTS

IBM MQ V9.1 LTS versions 9.1.0.0

Remediation/Fixes

IBM MQ V8

Apply FixPack 8.0.0.11 .

IBM MQ V9 LTS

Apply FixPack 9.0.0.6

IBM MQ V9 CD

Upgrade to IBM MQ 9.1.1 and follow additional instructions below

Upgrade to IBM MQ 9.1.2

IBM MQ V9.1 LTS

Upgrade to IBM MQ 9.1.0.1 and follow additional instructions below

Apply FixPack 9.1.0.2

Additional Instructions

After you have applied the version specific fix, run the following platform specific commands as root on each affected system. Ensure that the $MQ_INSTALLATION_PATH variable is set to the root installation directory of your MQ installation, for example /opt/mqm, before running the commands. You may use the setmqenv command from the installation to achieve this if desired. If you are patching multiple installations, run the commands against each installation in turn.

Linux

chmod 0700 $MQ_INSTALLATION_PATH/maintenance
chown root:root $MQ_INSTALLATION_PATH/maintenance
chown root:root $MQ_INSTALLATION_PATH/fix-backups*
chmod 0700 $MQ_INSTALLATION_PATH/fix-backups*

Solaris

/usr/bin/find /var/sadm/pkg/mqm* -name save -type d -exec /usr/bin/chmod 700 {} ;
/usr/bin/find /var/sadm/pkg/mqm* -name save -type d -exec /usr/bin/chown root:root {} ;
chown root:root $MQ_INSTALLATION_PATH/fix-backups*
chmod 0700 $MQ_INSTALLATION_PATH/fix-backups*

HP-UX

chmod 0700 /var/adm/sw/save/MQSERIES
chown root:root /var/adm/sw/save/MQSERIES
chown root:root $MQ_INSTALLATION_PATH/fix-backups*
chmod 0700 $MQ_INSTALLATION_PATH/fix-backups*

AIX

chown root:root $MQ_INSTALLATION_PATH/fix-backups*
chmod 0700 $MQ_INSTALLATION_PATH/fix-backups*

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm mqeq8.0.0.0
ibm mqeq8.0.0.1
ibm mqeq8.0.0.2
ibm mqeq8.0.0.3
ibm mqeq8.0.0.4
ibm mqeq8.0.0.5
ibm mqeq8.0.0.6
ibm mqeq8.0.0.7
ibm mqeq8.0.0.8
ibm mqeq8.0.0.9

Name	Operator	Version
ibm mq	eq	8.0.0.0
ibm mq	eq	8.0.0.1
ibm mq	eq	8.0.0.2
ibm mq	eq	8.0.0.3
ibm mq	eq	8.0.0.4
ibm mq	eq	8.0.0.5
ibm mq	eq	8.0.0.6
ibm mq	eq	8.0.0.7
ibm mq	eq	8.0.0.8
ibm mq	eq	8.0.0.9

Rows per page:

1-10 of 231

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for 77BE69681E9571D12410CFE01D3224D67F7783E006EADFCC4DB48BB449E558C3