Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6705

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2007-6705
Last Modified 15 Nov 2008 02:06:12
Published 08 Mar 2008 09:44:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6705

Summary

The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.

Vulnerable Systems

Application

  • Ibm Websphere Mq 5.3

  • Ibm Websphere Mq 6.0.2.0


References

AIXAPAR - IC50431

SECTRACK - 1019529

OSVDB - 43167


Last Updated: 27 May 2016 10:46:36