Vulnerabilities > CVE-2009-0439 - Unspecified vulnerability in IBM Websphere MQ
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 13 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 33857 CVE(CAN) ID: CVE-2009-0439 IBM WebSphere MQ用于在企业中提供消息传输服务。 WebSphere MQ的setmqaut、dmpmqaut和dspmqaut授权命令中存在多个安全漏洞,可能允许本地攻击者在系统上获得提升的权限。如果要利用这个漏洞,必须要拥有承载WebSphere MQ机器上的用户帐号。 IBM WebSphere MQ 7.0 IBM WebSphere MQ 6.0 IBM WebSphere MQ 5.3 厂商补丁: IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037 target=_blank rel=external nofollow>http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037</a> |
| id | SSV:4824 |
| last seen | 2017-11-19 |
| modified | 2009-02-25 |
| published | 2009-02-25 |
| reporter | Root |
| title | IBM WebSphere MQ多个本地权限提升漏洞 |
References
- http://osvdb.org/52297
- http://osvdb.org/52297
- http://secunia.com/advisories/34034
- http://secunia.com/advisories/34034
- http://www.securityfocus.com/bid/33857
- http://www.securityfocus.com/bid/33857
- http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037
- http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ40824
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ40824
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48529
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48529