IBM WebSphere on z/OS Double-Free Bug Lets Remote Users Crash the Service
|
|
SecurityTracker Alert ID: 1015255
|
|
SecurityTracker URL: http://securitytracker.com/id?1015255
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 22 2005
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Description: A vulnerability was reported in IBM WebSphere on z/OS. A remote user may be able to cause denial of service conditions.
A remote user can trigger a double-free, causing heap corruption and resulting in an ABEND (crash).
No further details were provided
|
Impact: A remote user can cause denial of service conditions.
|
Solution: The vendor has issued a fix (APAR PK13936).
The vendor's advisory is available at:
http://www-1.ibm.com/support/docview.wss?uid=swg1PK13936
|
Vendor URL: www-1.ibm.com/support/docview.wss?uid=swg1PK13936 (Links to External Site)
|
Cause: State error
|
Underlying OS: z/OS
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 22 Nov 2005 12:21:18 -0500
Subject: IBM WebSphere vulnerabiltiy (PK13936: ABEND S0C4 CAUSED BY DOUBLE DELETE)
|
http://www-1.ibm.com/support/docview.wss?uid=swg1PK13936
|
|
