WebSphere MQ TCPReceive Heap Overflow

CVE-2008-4288

  • Type: WebSphere MQ TCPReceive Heap Overflow Vulnerability
  • Severity: High
  • Affected products: WebSphere MQ
  • Date: 2009-01-12
  • CVE Reference: CVE-2008-4288

The WebSphere MQ service can be used to transfer messages between systems and applications. A signed check error and a subsequent heap buffer overflow vulnerability have been identified in the TCPReceive function. The vulnerability is associated with the copying of data received in MQ packets onto the heap. It could be used to terminate a core MQ process; although the process would restart, the technique could still be used to perform a Denial of Service (DoS) attack. Given sufficient time and effort, this issue could potentially result in the execution of arbitrary code. The vulnerable function can be reached in a number of ways and could be exploited by unauthenticated attackers.
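The bug class named above (a length bound tested on a signed value, then used as a copy size), shown beside a hardened length check. This is an added example, not IBM's code: the advisory does not disclose the packet layout, so the length-prefixed record, SEG_MAX and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SEG_MAX 64 /* hypothetical size of the heap buffer receiving the payload */

/* Hypothetical record: 4-byte big-endian length prefix, then payload bytes. */
static uint32_t read_len(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed pattern: the wire length is held in a signed int, so a negative
   value satisfies the upper-bound test. Returns 1 if the check passes. */
int signed_check_accepts(const uint8_t *pkt) {
    int32_t len = (int32_t)read_len(pkt);
    return len <= SEG_MAX;
}

/* The byte count a memcpy would then receive: -1 converts to SIZE_MAX. */
size_t size_after_signed_check(const uint8_t *pkt) {
    return (size_t)(int32_t)read_len(pkt);
}

/* Hardened form: unsigned length, bounded by both the destination capacity
   and the bytes actually received. Returns 0 on success, -1 on rejection. */
int copy_payload(uint8_t *dst, size_t cap, const uint8_t *pkt, size_t pkt_len,
                 size_t *out_len) {
    if (pkt_len < 4) return -1;
    uint32_t len = read_len(pkt);
    if (len > cap || len > pkt_len - 4) return -1;
    memcpy(dst, pkt + 4, len);
    *out_len = len;
    return 0;
}

int main(void) {
    /* Constructed sample inputs, not captured MQ traffic. */
    const uint8_t neg[8] = {0xFF, 0xFF, 0xFF, 0xFF, 'A', 'B', 'C', 'D'};
    const uint8_t ok[8]  = {0x00, 0x00, 0x00, 0x04, 'A', 'B', 'C', 'D'};
    uint8_t dst[SEG_MAX];
    size_t n = 0;
    if (!signed_check_accepts(neg)) return 1; /* flawed check lets it through */
    if (copy_payload(dst, sizeof dst, neg, 8, &n) != -1) return 1;
    if (copy_payload(dst, sizeof dst, ok, 8, &n) != 0 || n != 4) return 1;
    return 0;
}
```

The flawed functions only report what the check would decide and never perform the copy, so the program runs safely while showing why the signed comparison gives no protection.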