CVE-2009-0905: Input Validation
First published: Sun Oct 30 2011(Updated: )
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere MQ | =6.0 | |
| IBM WebSphere MQ | =6.0.1.0 | |
| IBM WebSphere MQ | =6.0.1.1 | |
| IBM WebSphere MQ | =6.0.2.0 | |
| IBM WebSphere MQ | =6.0.2.1 | |
| IBM WebSphere MQ | =6.0.2.2 | |
| IBM WebSphere MQ | =6.0.2.3 | |
| IBM WebSphere MQ | =6.0.2.4 | |
| IBM WebSphere MQ | =6.0.2.5 | |
| IBM WebSphere MQ | =6.0.2.6 | |
| IBM WebSphere MQ | =6.0.2.7 | |
| IBM WebSphere MQ | =7.0 | |
| IBM WebSphere MQ | =7.0.0.1 | |
| IBM WebSphere MQ | =7.0.0.2 | |
| IBM WebSphere MQ Appliance | =6.0.1.0 | |
| IBM WebSphere MQ Appliance | =6.0 | |
| IBM WebSphere MQ Appliance | =6.0.2.4 | |
| IBM WebSphere MQ Appliance | =6.0.1.1 | |
| IBM WebSphere MQ Appliance | =6.0.2.7 | |
| IBM WebSphere MQ Appliance | =6.0.2.3 | |
| IBM WebSphere MQ Appliance | =6.0.2.1 | |
| IBM WebSphere MQ Appliance | =6.0.2.2 | |
| IBM WebSphere MQ Appliance | =6.0.2.0 | |
| IBM WebSphere MQ Appliance | =6.0.2.5 | |
| IBM WebSphere MQ Appliance | =6.0.2.6 | |
| IBM WebSphere MQ Appliance | =7.0.0.1 | |
| IBM WebSphere MQ Appliance | =7.0.0.2 | |
| IBM WebSphere MQ Appliance | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-0905?
CVE-2009-0905 is classified as a moderate severity vulnerability due to the potential privilege escalation it allows for local users.
How do I fix CVE-2009-0905?
To fix CVE-2009-0905, update IBM WebSphere MQ to version 6.0.2.8 or later or 7.0.1.0 or later.
What versions of IBM WebSphere MQ are affected by CVE-2009-0905?
CVE-2009-0905 affects IBM WebSphere MQ versions 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0.
Can CVE-2009-0905 be exploited remotely?
CVE-2009-0905 is a local privilege escalation vulnerability, meaning it cannot be exploited remotely.
What impact does CVE-2009-0905 have on affected systems?
CVE-2009-0905 allows local users to gain elevated privileges through improperly handled long group names.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- collector/nvd-historical
- vendor/ibm
- canonical/ibm websphere mq
- version/ibm websphere mq/6.0
- version/ibm websphere mq/6.0.1.0
- version/ibm websphere mq/6.0.1.1
- version/ibm websphere mq/6.0.2.0
- version/ibm websphere mq/6.0.2.1
- version/ibm websphere mq/6.0.2.2
- version/ibm websphere mq/6.0.2.3
- version/ibm websphere mq/6.0.2.4
- version/ibm websphere mq/6.0.2.5
- version/ibm websphere mq/6.0.2.6
- version/ibm websphere mq/6.0.2.7
- version/ibm websphere mq/7.0
- version/ibm websphere mq/7.0.0.1
- version/ibm websphere mq/7.0.0.2
- canonical/ibm websphere mq appliance
- version/ibm websphere mq appliance/6.0.1.0
- version/ibm websphere mq appliance/6.0
- version/ibm websphere mq appliance/6.0.2.4
- version/ibm websphere mq appliance/6.0.1.1
- version/ibm websphere mq appliance/6.0.2.7
- version/ibm websphere mq appliance/6.0.2.3
- version/ibm websphere mq appliance/6.0.2.1
- version/ibm websphere mq appliance/6.0.2.2
- version/ibm websphere mq appliance/6.0.2.0
- version/ibm websphere mq appliance/6.0.2.5
- version/ibm websphere mq appliance/6.0.2.6
- version/ibm websphere mq appliance/7.0.0.1
- version/ibm websphere mq appliance/7.0.0.2
- version/ibm websphere mq appliance/7.0