Security Bulletin
Summary
An information leak flaw and a buffer overflow flaw in the way the OpenSSH client roaming feature was implemented affect IBM MQ Appliance.
Vulnerability Details
CVEID: CVE-2016-0777
DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by a client information leak from using the roaming connection feature. By persuading a victim to connect to a malicious server, an attacker could exploit this vulnerability to retrieve private cryptographic keys or other sensitive information.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109635 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
Affected Products and Versions
IBM MQ Appliance M2000
Remediation/Fixes
Apply the ifix for APAR IT13223.
Workarounds and Mitigations
In most cases the IBM MQ Appliance is not affected by this issue. The exception |
References
Acknowledgement
None
Change History
26 January 2016: Original Version Published
*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Product Synonym
IBMMQ
Document Information
Modified date: 15 June 2018
UID: swg21975158