Vigil@nce - IBM WebSphere MQ: denial of service via a large message
November 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a message larger than 1MByte to IBM WebSphere MQ,
in order to stop it.
– Impacted products: WebSphere MQ
– Severity: 2/4
– Creation date: 12/11/2012
DESCRIPTION OF THE VULNERABILITY
The IBM WebSphere MQ product manages message queues, whose messages
can be delivered synchronously or asynchronously.
However, when IBM WebSphere MQ processes an asynchronous message
larger than 1MByte, a fatal error occurs.
An attacker can therefore send a message larger than 1MByte to IBM
WebSphere MQ, in order to stop it.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-WebSphere-MQ-denial-of-service-via-a-large-message-12130