[Duplicate Entry] Sun Java System Messaging Server May Disclose Portions of Files to Local Users
SecurityTracker Alert ID: 1016416
SecurityTracker URL: http://securitytracker.com/id/1016416
CVE Reference: GENERIC-MAP-NOMATCH
Updated: Jul 4 2006
Original Entry Date: Jun 30 2006
Impact: Disclosure of system information, Disclosure of user information
Vendor Confirmed: Yes
Version(s): Sun Java System Messaging Server 6.0, 6.1, and 6.2, iPlanet Messaging Server 5.2
Description:
A vulnerability was reported in the Sun Java System Messaging Server (iPlanet Messaging Server). A local user can view portions of restricted files on the target system.
A local user can create a symbolic link (symlink) from a critical file on the target system to the 'msg.conf' file. This allows the user to view portions of the symlinked file. Portions of arbitrary files can be read.
[Editor's note: Sun has confirmed that the vulnerability in this Alert is a duplicate of the vulnerability described in Alert ID 1016312 [CVE-2006-3159]. This Alert will be removed from the database shortly.]
Impact:
A local user can read some data from arbitrary files on the target system.
Solution:
No solution was available at the time of this entry. Sun is working on a fix.
A workaround is described in the Sun advisory, available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1
Cause: Access control error
Underlying OS: Linux (Any), UNIX (Solaris - SunOS)
Message History: None.
Source Message Contents
Date: Fri, 30 Jun 2006 14:28:14 -0400
Subject: iPlanet Messaging Server, Sun Java System Messaging Server vulnerability
Security Vulnerability May Allow a Local Unprivileged User to Partially Read Arbitrary Files
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1