IBM WebSphere MQ队列管理器大型消息拒绝服务漏洞
BUGTRAQ ID: 56471 IBM WebSphere MQ用于在企业中提供消息传输服务。 IBM WebSphere MQ 7.1在执行下列条目时,意外中断并生成一个FDC文件,在实现上存在拒绝服务漏洞,成功利用后可允许攻击者造成应用崩溃。 PIDS :- 5724H7220 LVLS :- 7.1.0.0 Product Long Name :- WebSphere MQ for Windows Probe Id :- XC130031 Application Name :- MQM Component :- xehExceptionHandler SCCS Info :- lib/cs/pc/winnt/amqxerrn.c, 1.44 Line Number :- 761 Build Date :- Oct 19 2011 CMVC level :- p000-L111019 Build Type :- IKAP - (Production) Process Name :- C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqzlaa0.exe Major Errorcode :- xecF_E_UNEXPECTED_SYSTEM_RC Minor Errorcode :- OK Probe Type :- MSGAMQ6119 Probe Severity :- 2 Probe Description :- AMQ6109: An internal WebSphere MQ error has occurred. FDCSequenceNumber :- 0 Comment1 :- Access Violation at address xxxxxxxx when writing 0 IBM WebSphere MQ 7.x 厂商补丁: IBM --- 请更新到7.1.0.2: swg1IC82908:IC82908: WebSphere MQ V7.1: Queue manager ends unexpectedly. FFST probe XC130031 in kqiTickleEarly. zrcC_E_INVALID_HANDLE may be seen....
