Vigil@nce - IBM WebSphere MQ: denial of service via inetd
May 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send malicious queries to inetd when used by IBM
WebSphere MQ, in order to trigger a denial of service.
Impacted products: WebSphere MQ
Severity: 2/4
Creation date: 02/05/2014
DESCRIPTION OF THE VULNERABILITY
The IBM WebSphere MQ product can be configured with inetd (TCP/IP
listener) or runmqlsr (MQ listener).
However, when inetd is used, an attacker, can trigger an infinite
loop, or can fill the hard disk. Technical details are unknown.
An attacker can therefore send malicious queries to inetd when
used by IBM WebSphere MQ, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-WebSphere-MQ-denial-of-service-via-inetd-14695