Multiple vulnerabilities in IBM MQ Appliance
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2017-18595 CVE-2018-19985 CVE-2018-20169 CVE-2019-19527 |
| CWE-ID | CWE-415 CWE-125 CWE-119 CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
IBM MQ Appliance Other software / Other software solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Double Free
EUVDB-ID: #VU21716
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-18595
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges in the system.
The vulnerability exists due to a boundary error within the allocate_trace_buffer() function in the kernel/trace/trace.c. A local user can run a specially crafted application to trigger a double free error and execute arbitrary code on the target system with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM MQ Appliance: 9.2.0.0 - 9.2.5
External linkshttp://www.ibm.com/support/pages/node/6602561
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU20806
Risk: Low
CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-19985
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when the function "hso_get_config_data" in "drivers/net/usb/hso.c" reads "if_num" from the USB device (as a u8) and uses it to index a small array. An authenticated local user with physical access to the system can use a malicious USB, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM MQ Appliance: 9.2.0.0 - 9.2.5
External linkshttp://www.ibm.com/support/pages/node/6602561
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU16628
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-20169
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists in the USB subsystem due to improper checks on the minimum and maximum size of data allowed when reading an extra descriptor by the USB subsystem of the affected software, related to the __usb_get_extra_descriptor in the drivers/usb/core/usb.c source code file. A local attacker can insert a USB device designed to submit malicious input, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM MQ Appliance: 9.2.0.0 - 9.2.5
External linkshttp://www.ibm.com/support/pages/node/6602561
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU26648
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19527
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to use-after-free error in the drivers/hid/usbhid/hiddev.c driver. A local user can use a malicious USB device to trigger use-after-free error and execute arbitrary code on the system with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM MQ Appliance: 9.2.0.0 - 9.2.5
External linkshttp://www.ibm.com/support/pages/node/6602561
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
