iPlanet Messaging Server msg.conf symlink

iplanet-msgconf-symlink (27220) The risk level is classified as MediumMedium Risk

Description:

iPlanet Messaging Server and Sun Java System Messaging Server create the msg.conf file insecurely, which could allow a local attacker to launch a symlink attack. By setting the CONFIGROOT environment variable, a local attacker could exploit this vulnerability to read portions of arbitrary files with root privileges.


Consequences:

File Manipulation

Remedy:

Refer to Sun Alert ID: 102496 for suggested workaround information. See References.

References:

  • Full-Disclosure Mailing List, 2006-06-17 20:24:25: Sun iPlanet Messaging Server 5.2 root password compromise.
  • Sun Alert ID: 102496: Security Vulnerability May Allow a Local Unprivileged User to Partially Read Arbitrary Files.
  • Sun Java System Messaging Server Web site: Sun Java System Messaging Server.
  • Sun ONE Messaging Server Web site: Collaboration & Communication.
  • BID-18749: iPlanet/Sun Java Messaging Server Local Information Disclosure Vulnerability
  • CVE-2006-3159: pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.
  • SA20919: Sun Java System Messaging Server Arbitrary File Disclosure
  • SECTRACK ID: 1016312: Sun ONE/iPlanet Messaging Server `msg.conf` Symlink Flaw Lets Local Users View Files
  • SECTRACK ID: 1016416: [Duplicate Entry] Sun Java System Messaging Server May Disclose Portions of Files to Local Users
  • VUPEN/ADV-2006-2633: Sun Java System and iPlanet Messaging Server Arbitrary File Disclosure Vulnerability

Platforms Affected:

  • Sun iPlanet Messaging Server 5.2 HotFix 1.16
  • Sun Java System Messaging Server 6.0
  • Sun Java System Messaging Server 6.1
  • Sun Java System Messaging Server 6.2
  • Sun Solaris 10
  • Sun Solaris 2.6
  • Sun Solaris 8
  • Sun Solaris 9

Reported:

Jun 14, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page