History: Jul 31, 2018 - 1:47 p.m.

Security Bulletin: IBM MQ Appliance is affected by a kernel vulnerability (CVE-2014-2523)

2018-07-31 13:47:03
www.ibm.com

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

IBM MQ Appliance has addressed the following kernel vulnerability.

Vulnerability Details

CVEID: CVE-2014-2523
DESCRIPTION: Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by an error in the /netfilter/nf_conntrack_proto_dccp.c file. By sending a specially-crafted DCCP packet, an attacker could exploit this vulnerability to corrupt kernel stack memory and execute arbitrary code on the system with kernel privileges.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91910> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected Products and Versions

IBM MQ Appliance 8.0

Maintenance levels between 8.0.0.0 and 8.0.0.9

IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release

Maintenance levels between 9.0.1 and 9.0.5

Remediation/Fixes

IBM MQ Appliance 8.0

Apply fixpack 8.0.0.10 or later

IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release

Apply 9.1 Long Term Support (LTS) release
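
To check an inventory of appliances against the affected ranges and fixes listed above, the following added example (not IBM's code) compares maintenance levels numerically rather than as strings. The host names are constructed, and treating a deeper level such as 9.0.5.1 as inside the 9.0.1 to 9.0.5 range is an assumption made to stay conservative.

```python
import re

# Inclusive ranges and remediation text copied from this bulletin.
AFFECTED = [
    ((8, 0, 0, 0), (8, 0, 0, 9), "Apply fixpack 8.0.0.10 or later"),
    ((9, 0, 1), (9, 0, 5), "Apply 9.1 Long Term Support (LTS) release"),
]

# Constructed sample inventory: hypothetical host name -> reported level.
SAMPLE_INVENTORY = {
    "mqa-prod-1": "8.0.0.9",
    "mqa-prod-2": "8.0.0.10",
    "mqa-dev-1": "9.0.4",
    "mqa-dev-2": "9.1",
}


def parse_level(text):
    """Turn '8.0.0.10' into (8, 0, 0, 10); reject anything but dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised maintenance level: {text!r}")
    return tuple(int(part) for part in text.split("."))


def triage(text):
    """Return the bulletin's fix if the level is in a listed range, else None.

    None means "not in a range listed by this bulletin", nothing more.
    """
    level = parse_level(text)
    for low, high, fix in AFFECTED:
        # Compare at the precision the bulletin uses for this range: pad
        # short inputs with zeros, truncate longer ones (assumption).
        width = len(low)
        head = (level + (0,) * width)[:width]
        # Integer tuples, not strings: '8.0.0.10' sorts before '8.0.0.9'
        # lexically, which would flag a fixed appliance as still affected.
        if low <= head <= high:
            return fix
    return None


def report(inventory):
    """Map each affected host to the remediation it needs."""
    return {host: fix for host, lvl in inventory.items() if (fix := triage(lvl))}


if __name__ == "__main__":
    for host, fix in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {fix}")
```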

Workarounds and Mitigations

None
