PT-2008-1666 · IBM · WebSphere MQ

Published: 2008-03-09 · Updated: 2008-11-15 · CVE-2007-6705

CVSS v2.0: 3.3 (Low)

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

WebSphere MQ XA versions 5.3 before FP13
WebSphere MQ XA versions 6.0.x before 6.0.2.1

Description

The issue allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process when the client is running in an MTS or a COM+ environment and connects to a queue manager, due to the granting of the PROCESS_DUP_HANDLE privilege to the Everyone group.

Recommendations

For WebSphere MQ XA versions 5.3 before FP13, apply FP13 to resolve the issue.
For WebSphere MQ XA versions 6.0.x before 6.0.2.1, update to version 6.0.2.1 or later to resolve the issue.

Related Identifiers

CVE-2007-6705

Affected Products

WebSphere MQ