Websphere MQ is an Enterprise level application that can be used to provide a unified platform for messaging within an organisation. IBM describes their technology as follows:
"WebSphere MQ provides an award-winning messaging backbone for deploying your enterprise service bus (ESB) today as the connectivity layer of a service-orientated architecture (SOA)".
The Websphere MQ service can be used to transfer messages between systems and applications. It is possible to protect the channels within the Queue Manager with a security exit which requires that an authentication check be passed before a connection can be established. A method of bypassing Websphere MQ Security authentication mechanism has been discovered which would enable unauthorised access to be gained.
* Websphere MQ version 5.1 up to version 5.3 (Solaris)
* Websphere MQ version 6.0.0 (Windows)
The vulnerability could enable an attacker to bypass a security exit that has been applied to a channel. This would enable an attacker to gain full access to all queues defined within the queue manager with full read and write access. Additionally, an attacker could perform remote fingerprinting of the software, alter the Queue Manager configuration and potentially execute Operating System commands through the creation of an appropriate trigger process.
The latter is dependent on the presence of a running trigger monitor process on the system.
The vulnerability arises from an error in the process for checking whether a connection has successfully passed the authentication check enforced by a security exit. A connection can be established to the Queue Manager if an authentication packet is not sent
before the connection is established.
The only workaround at the present time is to use network filtering to restrict access to Websphere MQ services to trusted IP addresses only. It is also possible that correctly deploying and mandating the use of SSL client certificates will prevent an attacker from accessing the channels that are protected by the Security Exit. IBM have released a fix pack that addresses this vulnerability.