ISS X-Force Database: iplanet-msgconf-symlink(27220): iPlanet Messaging Server msg.conf symlink

iPlanet Messaging Server msg.conf symlink

iplanet-msgconf-symlink (27220)

Medium Risk

Description:

iPlanet Messaging Server and Sun Java System Messaging Server create the msg.conf file insecurely, which could allow a local attacker to launch a symlink attack. By setting the CONFIGROOT environment variable, a local attacker could exploit this vulnerability to read portions of arbitrary files with root privileges.

Platforms Affected:

Sun, iPlanet Messaging Server 5.2 HotFix 1.16
Sun, Java System Messaging Server 6.0
Sun, Java System Messaging Server 6.1
Sun, Java System Messaging Server 6.2
Sun, Solaris 10
Sun, Solaris 2.6
Sun, Solaris 8
Sun, Solaris 9

Remedy:

Refer to Sun Alert ID: 102496 for suggested workaround information. See References.

Consequences:

File Manipulation

References:

Full-Disclosure Mailing List, 2006-06-17 20:24:25, Sun iPlanet Messaging Server 5.2 root password compromise at http://marc.info/?l=full-disclosure&m=115031683225880&w=2.
Sun Alert ID: 102496, Security Vulnerability May Allow a Local Unprivileged User to Partially Read Arbitrary Files at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1.
Sun Java System Messaging Server Web site, Sun Java System Messaging Server at http://www.sun.com/software/products/messaging_srvr/index.xml.
Sun ONE Messaging Server Web site, Collaboration & Communication at http://www.sun.com/software/index.jsp?cat=Collaboration%20%26%20Communication&tab=3.
BID-18749: iPlanet/Sun Java Messaging Server Local Information Disclosure Vulnerability
CVE-2006-3159: pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.
SA20919: Sun Java System Messaging Server Arbitrary File Disclosure
SECTRACK ID: 1016312: Sun ONE/iPlanet Messaging Server `msg.conf` Symlink Flaw Lets Local Users View Files
SECTRACK ID: 1016416: [Duplicate Entry] Sun Java System Messaging Server May Disclose Portions of Files to Local Users
VUPEN/ADV-2006-2633: Sun Java System and iPlanet Messaging Server Arbitrary File Disclosure Vulnerability

Reported:

Jun 14, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page