Hello everyone,
New security alert concerning a buffer overflow attack in IBM Rational Developer for i.
The affected component is the debugger's XML profile serialization feature, which relies on XStream. As a reminder, XStream is a Java library designed to convert Java objects to XML and back.
By sending a specially crafted binary input stream, a remote attacker can trigger a stack-based buffer overflow in BinaryStreamDriver and cause a denial of service.
The CVSS score for this flaw is 7.5, and Gayte.IT strongly advises you to abandon version 9.6 and upgrade to 9.8.0.3!
To close this vulnerability, simply apply the patch for your version: 9.6 (not recommended) or 9.8. You can find the installation procedure for these patches in the attachment to this article.
For more information on the alert bulletin, here is a link to the official publication on the support site: