IBM Security Bulletin: Various IBM WebSphere MQ Installers are susceptible to DLL-planting vulnerabilities (CVE-2016-2542 & CVE-2016-4560)

Various IBM WebSphere MQ graphical user interface installers are susceptible to a DLL-planting vulnerability: a malicious DLL that is present in the Windows search path could be loaded by the operating system in place of the genuine file. The vulnerability affects Windows executable installers downloaded from IBM prior to 2nd June 2016.

CVE(s): CVE-2016-2542, CVE-2016-4560

Affected product(s) and affected version(s):

The vulnerability affects the executable (.exe file extension) installers, fixpacks and support packs:

– IBM WebSphere MQ for Windows (5.3 – All versions)

– IBM WebSphere MQ for Windows (6.0 – All versions)

– IBM WebSphere MQ for Windows (7.0.0.0 – 7.0.1.13)

– IBM WebSphere MQ for Windows (7.1.0.0 – 7.1.0.7)

– IBM WebSphere MQ for Windows (7.5.0.0 – 7.5.0.6)

– IBM WebSphere MQ for Windows (8.0.0.0 – 8.0.0.4)

– IBM WebSphere MQ Evaluation (8.0.0.0 – 8.0.0.4)

– IBM WebSphere MQ Evaluation (7.5.0.0 – 7.5.0.6)

– IBM WebSphere MQ Evaluation (7.1.0.0 – 7.1.0.7)

– IBM WebSphere MQ File Transfer Edition for Windows (V7.0.0.0 – V7.0.4.4)

– IBM WebSphere MQ File Transfer Edition Trial for Windows (V7.0.0.0 – V7.0.4.4)

– IBM WebSphere MQ Advanced Message Security for Windows (V7.0.1.0 – V7.0.1.3)

– IBM WebSphere MQ Advanced Message Security Trial for Windows (V7.0.1.0 – V7.0.1.3)

– IBM WebSphere MQ for HP NonStop Server V5.3 (Windows Installer V5.3.1.0)

– IBM WebSphere MQ Advanced for Developers (7.5.0.0 – 8.0.0.4)

– MS0T IBM WebSphere MQ Explorer (7.0.1.0 – 8.0.0.4)

– MQC7 IBM WebSphere MQ V7 Clients (All versions)

– MQC71 IBM WebSphere MQ V7.1 Clients (7.1.0.0 – 7.1.0.7)

– MQC75 IBM WebSphere MQ V7.5 Clients (7.5.0.0 – 7.5.0.6)

– MQC8 IBM WebSphere MQ V8 Clients (8.0.0.0 – 8.0.0.4)

Where fixes are available (see below), users should discard any Windows installation images that were downloaded from IBM prior to 2nd June 2016 and download new images from Fix Central or Passport Advantage.
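As an added example, not part of IBM's bulletin or of any IBM tooling, the following Python script applies the two points above to a local download folder: it flags .exe installer images whose file timestamp predates 2nd June 2016, and it flags any DLL that shares a directory with an installer, because the executable's own directory is the first location in the default Windows DLL search order. The directory layout, file names and timestamps are constructed sample data, and the file modification time is used as a stand-in for the download date, which is an assumption rather than something the bulletin states.

```python
import os
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Cutoff taken from the bulletin: Windows images downloaded from IBM before
# 2 June 2016 should be discarded and re-downloaded.
CUTOFF = datetime(2016, 6, 2, tzinfo=timezone.utc)


def audit_installer_dir(directory):
    """Audit one directory holding .exe installer images.

    Returns a list of (installer_name, reason) tuples. Two checks are made:
      1. the image's modification time predates the bulletin's cutoff
         (modification time stands in for download date: an assumption);
      2. a .dll file shares the directory with the installer, so a load
         from the application directory, first in the default DLL search
         order, is possible.
    """
    directory = Path(directory)
    entries = sorted(p for p in directory.iterdir() if p.is_file())
    dlls = [p for p in entries if p.suffix.lower() == ".dll"]
    findings = []
    for exe in (p for p in entries if p.suffix.lower() == ".exe"):
        mtime = datetime.fromtimestamp(exe.stat().st_mtime, tz=timezone.utc)
        if mtime < CUTOFF:
            findings.append((exe.name,
                             f"image dated {mtime:%Y-%m-%d}, before the "
                             f"2016-06-02 cutoff: discard and re-download"))
        for dll in dlls:
            findings.append((exe.name,
                             f"{dll.name} sits beside the installer; move the "
                             f"installer to an empty directory before running it"))
    return findings


def build_sample_dir():
    """Create a throwaway directory of constructed sample files.

    The names and timestamps are invented for the demonstration; the files
    are placeholders, not real IBM images.
    """
    root = Path(tempfile.mkdtemp(prefix="mq-installer-audit-"))

    def touch(name, when):
        path = root / name
        path.write_bytes(b"placeholder")
        ts = when.timestamp()
        os.utime(path, (ts, ts))  # set both access and modification time

    touch("mq_installer_old.exe", datetime(2016, 5, 1, tzinfo=timezone.utc))
    touch("mq_installer_new.exe", datetime(2016, 7, 1, tzinfo=timezone.utc))
    touch("stray.dll", datetime(2016, 7, 1, tzinfo=timezone.utc))
    touch("readme.txt", datetime(2016, 7, 1, tzinfo=timezone.utc))
    return root


if __name__ == "__main__":
    sample = build_sample_dir()
    try:
        for name, reason in audit_installer_dir(sample):
            print(f"{name}: {reason}")
    finally:
        shutil.rmtree(sample)
```

Run as-is, the script audits its own constructed sample folder; to audit a real download folder, call audit_installer_dir with that path instead. A clean result from the second check means the installer is alone in its directory, which is the state to aim for before launching any downloaded .exe image.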

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/22CzLyw
X-Force Database: http://ift.tt/1rhWtyP
X-Force Database: http://ift.tt/1Vw3dW4



from IBM Product Security Incident Response Team http://ift.tt/22Czwnp