[Duplicate Entry] Sun Java System Messaging Server May Disclose Portions of Files to Local Users
SecurityTracker Alert ID: 1016416
SecurityTracker URL: http://securitytracker.com/id?1016416
CVE Reference: GENERIC-MAP-NOMATCH
Updated: Jul 4 2006
Original Entry Date: Jun 30 2006
Impact: Disclosure of system information, Disclosure of user information
Vendor Confirmed: Yes
Advisory: Sun Alert
Version(s): Sun Java System Messaging Server 6.0, 6.1, and 6.2, iPlanet Messaging Server 5.2
Description: A vulnerability was reported in the Sun Java System Messaging Server (iPlanet Messaging Server). A local user can view portions of restricted files on the target system.
A local user can create a symbolic link (symlink) from a critical file on the target system to the 'msg.conf' file. This allows the user to view portions of the symlinked file. Portions of arbitrary files can be read.
[Editor's note: Sun has confirmed that the vulnerability in this Alert is a duplicate of the vulnerability described in Alert ID 1016312 [CVE-2006-3159]. This Alert will be removed from the database shortly.]
Impact: A local user can read some data from arbitrary files on the target system.
Solution: No solution was available at the time of this entry. Sun is working on a fix.
A workaround is described in the Sun advisory, available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1
Cause: Access control error
Underlying OS: Linux (Any), UNIX (Solaris - SunOS)
Message History: None.
Source Message Contents
Date: Fri, 30 Jun 2006 14:28:14 -0400
Subject: iPlanet Messaging Server, Sun Java System Messaging Server vulnerability
Security Vulnerability May Allow a Local Unprivileged User to Partially Read Arbitrary Files
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1