Vulnerabilities > CVE-2006-3159 - Unspecified vulnerability in SUN Iplanet Messaging Server and ONE Messaging Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046920.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046920.html
- http://secunia.com/advisories/20919
- http://secunia.com/advisories/20919
- http://securitytracker.com/id?1016312
- http://securitytracker.com/id?1016312
- http://securitytracker.com/id?1016416
- http://securitytracker.com/id?1016416
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1
- http://www.securityfocus.com/bid/18749
- http://www.securityfocus.com/bid/18749
- http://www.vupen.com/english/advisories/2006/2633
- http://www.vupen.com/english/advisories/2006/2633
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27220
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27220