27 Jul 2012 22:23
Re: Question on Alert for MQ Security Vulnerability
do you think IBM would tell people how to get around the CHLAUTH rules in 7.1 / 7.5 until the fix is ready to go? I don't think so.....
I have CHLAUTH rules in Dev, but I guess I will stick with MQAUSX for Prod...
From: "Roger Lacroix" <roger.lacroix-F8msR03N6m5XrIkS9f7CXA@public.gmane.org>
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+2wyY2g16FtwPuJ0ROkVbw@public.gmane.org
Sent: Friday, July 27, 2012 3:50:47 PM
Subject: Question on Alert for MQ Security Vulnerability
All,
IBM recently posted an alert with the following title: WebSphere MQ Security Vulnerability: potential for client applications to bypass security configuration on MQ SVRCONN channels.
The details can be found here:
http://www.ibm.com/support/docview.wss?uid=swg21595523
The alert is extremely (I do mean extremely) light on details. Does anyone know what exactly the client application is doing or shouldn't be doing to cause the "bypass"? The alert does not even list an iFix number, what platforms are effected or anything.
If anyone knows anything about this alert a better description would be greatly appreciated. If you want to send the information privately to me then that is fine with me.
Regards,
Roger Lacroix
Capitalware Inc.
List Archive - Manage Your List Settings - Unsubscribe
From: "Roger Lacroix" <roger.lacroix-F8msR03N6m5XrIkS9f7CXA@public.gmane.org>
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+2wyY2g16FtwPuJ0ROkVbw@public.gmane.org
Sent: Friday, July 27, 2012 3:50:47 PM
Subject: Question on Alert for MQ Security Vulnerability
All,
IBM recently posted an alert with the following title: WebSphere MQ Security Vulnerability: potential for client applications to bypass security configuration on MQ SVRCONN channels.
The details can be found here:
http://www.ibm.com/support/docview.wss?uid=swg21595523
The alert is extremely (I do mean extremely) light on details. Does anyone know what exactly the client application is doing or shouldn't be doing to cause the "bypass"? The alert does not even list an iFix number, what platforms are effected or anything.
If anyone knows anything about this alert a better description would be greatly appreciated. If you want to send the information privately to me then that is fine with me.
Regards,
Roger Lacroix
Capitalware Inc.
List Archive - Manage Your List Settings - Unsubscribe
Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com
List Archive - Manage Your List Settings - Unsubscribe
Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com
RSS Feed