Security Bulletin
Summary
A problem within IBM MQ queue manager libraries could allow an attacker who has mqm login access to a server to use IBM MQ to escalate their privileges on that system and gain access to the root user.
Vulnerability Details
CVEID: CVE-2018-1792
DESCRIPTION: IBM MQ could allow a local user to inject code that could be executed with root privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148947 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Affected Products and Versions
IBM MQ V8
IBM MQ V8 versions 8.0.0.0 - 8.0.0.10
IBM MQ V9 LTS
IBM MQ V9 LTS versions 9.0.0.0 - 9.0.0.5
IBM MQ V9 CD
IBM MQ V9 CD versions 9.0.1 - 9.0.5
IBM MQ V9.1 LTS
IBM MQ V9.1 LTS versions 9.1.0.0
Remediation/Fixes
IBM MQ V8
IBM MQ V9 LTS
IBM MQ V9 CD
Upgrade to IBM MQ 9.1.1 and follow additional instructions below
or
IBM MQ V9.1 LTS
Upgrade to IBM MQ 9.1.0.1 and follow additional instructions below
or
Additional Instructions
After you have applied the version specific fix, run the following platform specific commands as root on each affected system. Ensure that the $MQ_INSTALLATION_PATH variable is set to the root installation directory of your MQ installation, for example /opt/mqm, before running the commands. You may use the setmqenv command from the installation to achieve this if desired. If you are patching multiple installations, run the commands against each installation in turn.
Linux
chmod 0700 $MQ_INSTALLATION_PATH/maintenance
chown root:root $MQ_INSTALLATION_PATH/maintenance
chown root:root $MQ_INSTALLATION_PATH/fix-backups*
chmod 0700 $MQ_INSTALLATION_PATH/fix-backups*
Solaris
/usr/bin/find /var/sadm/pkg/mqm* -name save -type d -exec /usr/bin/chmod 700 {} \;
/usr/bin/find /var/sadm/pkg/mqm* -name save -type d -exec /usr/bin/chown root:root {} \;
chown root:root $MQ_INSTALLATION_PATH/fix-backups*
chmod 0700 $MQ_INSTALLATION_PATH/fix-backups*
HP-UX
chmod 0700 /var/adm/sw/save/MQSERIES
chown root:root /var/adm/sw/save/MQSERIES
chown root:root $MQ_INSTALLATION_PATH/fix-backups*
chmod 0700 $MQ_INSTALLATION_PATH/fix-backups*
AIX
chown root:root $MQ_INSTALLATION_PATH/fix-backups*
chmod 0700 $MQ_INSTALLATION_PATH/fix-backups*
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Acknowledgement
The vulnerability was reported to IBM by Rich Mirch
Change History
October 2018: Initial Version Created.
9th November 2018: Removed Windows as affected platform, added AIX as an affected platform.
23rd November 2018: Added link to 9.1.0.1 download.
18th December 2018: Added additional instructions that must be followed after applying the fix
20th December 2018: Added MQ 8.0.0.11 Fixpack details
10th January 2019: Added IBM MQ 9.1.1 details and corrected MQ 8.0.0.11 details.
13th March 2019: Removed invalid workaround/mitigation
29th April 2019: Added FixPack details for 9.1 and 9.0 LTS releases
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Internal Use Only
Advisory ID 13029
Product Record ID 119571
Was this topic helpful?
Document Information
Modified date:
29 April 2019
UID
ibm10734447