Advisories
Please read our Vulnerability Disclosure Policy.
Full TextIBM WebSphere MQ Remote Buffer Overflow
Jun 04, 2009
MWR InfoSecurity have identified that a number of versions of WebSphere MQ are vulnerable to a security issue due to the incorrect validation of user supplied data. This can lead to a heap overflow vulnerability in the packet handling routines. This vulnerability is associated with the software's memory allocation code and can result in the overwriting of data on the heap. This vulnerability could be exploited remotely from an unauthenticated perspective in order to execute arbitrary code. Please note that specific MQ security controls can partially mitigate the risk associated with this issue if these have been deployed in an appropriate manner.
Due to the nature of the vulnerability full details will not be provided at the present time so that customers are able to apply the appropriate security patches. However, a full advisory will be released in approximately 3 months time. MWR InfoSecurity customers can obtain further information about the issue by contacting their account manager.
Fixes for the issue can be obtained via the following link: -
http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24023135
Author: A Plaskett
CVE: CVE-2009-0896
Retain Resource Server Remote Code Execution
Apr 07, 2009
A vulnerability exists in the Retain Planner Server networking protocol which could allow an attacker to execute code remotely by crafting a malicious packet in order to hijack the flow of execution.
WebEx Remote Support Application Vulnerability
Apr 06, 2009
The Remote Support Center application utilises the WebEx portal to provide a mechanism which allows remote assistance of users or the sharing of an application such as a PowerPoint presentation or browser session. A vulnerability was identified whereby the security controls within the application could be overridden and that all actions could have been taken without the permission of the user or of the Meeting Host.
This document is intended to provide further information about security vulnerabilities previously identified in the WebEx Remote Support Center Application. The information included here should be used to identify how use of the service might impact on an organisation’s security posture and how it can be ensured that its usage does not expose unnecessary risk. This document is not intended as a statement of MWR InfoSecurity’s opinion about the security of this application, or of the service in general.
Sophos RMS / TAO Component Denial of Service
Jan 16, 2009
The Remote Management System (RMS) router component of Sophos Anti-Virus utilises TAO, which is a third party developed message request broker that contains a vulnerability. This RMS component is used by a service in installations of Sophos software. By constructing a specially crafted packet it is possible to cause the service to terminate. This attack could be performed without authenticating to the remote system.
WebSphere MQ xcsGetMem Heap Overflow
Jan 12, 2009
The WebSphere MQ service can be used to transfer messages between systems and applications. An integer overflow and subsequent heap overflow vulnerability has been identified in the packet parsing routines. This vulnerability is associated with the memory allocation code and can result in the overwriting of data on the heap. This vulnerability could be exploited to execute arbitrary code.