Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3159

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2006-3159
Last Modified 07 Mar 2011 09:37:58
Published 22 Jun 2006 06:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-3159

Summary

pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.

Vulnerable Systems

Application

  • Sun Iplanet Messaging Server 5.2

  • Sun One Messaging Server 5.2


References

VUPEN - ADV-2006-2633

SECTRACK - 1016312

FULLDISC - 20060614 Sun iPlanet Messaging Server 5.2 root password compromise

XF - iplanet-msgconf-symlink(27220)

BID - 18749

SUNALERT - 102496

SECTRACK - 1016416

SECUNIA - 20919


Last Updated: 27 May 2016 10:42:54