Reference: CERT-EU Security Advisory 2012-0102

Title: IBM WebSphere MQ File Transfer Edition Web Gateway insufficient access control [1]

Version history:
16.08.2012 Initial publication

Summary
=======
When using the web gateway, an authenticated user is able to access other users' files without further access control if the URL of the file is known. The URL for a file contains non-guessable elements. [1]

CVE-2012-2206

CVSS v2 Base Score: 3.5 (LOW) (AV:N/AC:M/Au:S/C:P/I:N/A:N) [2]

Vulnerable systems
==================
Version 7.0.4 and all previous versions of WebSphere MQ File Transfer Edition running on all platforms are affected.

Original Details
================
A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.

What can you do?
================
A fix is available [1]

What to tell your users?
========================
N/A

More information
================
[1] https://access.redhat.com/security/cve/CVE-2012-2744
[2] Information about CVSS: http://www.first.org/cvss/cvss-guide.html

Best regards,
CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html