SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (E-mail Server)  >   Sun ONE/iPlanet Messaging Server Vendors:   Sun
Sun ONE Messaging Server Lets Remote Users Execute Arbitrary Code on a Target Webmail User's System
SecurityTracker Alert ID:  1014235
SecurityTracker URL:  http://securitytracker.com/id/1014235
CVE Reference:   CAN-2005-2022   (Links to External Site)
Updated:  Sep 30 2005
Original Entry Date:  Jun 18 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.2, 6.2
Description:   A vulnerability was reported in Sun ONE Messaging Server (iPlanet Messaging Server). A remote user can execute arbitrary code on the target user's system.

A remote user may be able to cause arbitrary Javascript to be executed on the target user's system with the privileges of the target user. Only target users running Internet Explorer are affected.

No further details were provided.
Impact:   A remote user can cause arbitrary code to be executed on a target user's system.
Solution:   Sun has issued the following fix.

SPARC Platform

iPlanet Messaging Server 5.2 (for Solaris 2.6 and Solaris 8) with patch 5.2hf2.07 or later

Sun ONE Messaging Server 6.2 (for Solaris 8, Solaris 9, Solaris 10) with patch 118207-37 or later

x86 Platform

Sun ONE Messaging Server 6.2 (for Solaris 9 and Solaris 10) with patch 118208-36 or later

Linux Platform

Sun ONE Messaging Server 6.2 (for RHEL 2.1 or 3.0) with patch 118209-36 or later
Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-26-101770-1 (Links to External Site)
Cause:   Not specified
Underlying OS:   Linux (Red Hat Enterprise), UNIX (Solaris - SunOS)

Message History:   None.

 Source Message Contents
Date:  Sat, 18 Jun 2005 01:27:40 -0400
Subject:  http://sunsolve.sun.com/search/document.do?assetkey=1-26-101770-1



# Sun Alert ID: 101770
# Synopsis: Security Vulnerability in Webmail May Allow an Unprivileged User to Execute Arbitrary Code
# Category: Security
#
Product: iPlanet Messaging Server 5.2 Patch 1, Sun Java System Messaging Server 6.2 EA Software
# BugIDs: 6284060
# Avoidance: None
# State: Workaround
# Date Released: 17-Jun-2005
# Date Closed:
# Date Modified:


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC