Symlink Vulnerability in Sun ONE/iPlanet Messaging Server
CVE-2006-3159

Currently unrated

Key Information:

Vendor: Oracle
Status: Iplanet Messaging Server; One Messaging Server
Vendor: CVE Published:; 22 June 2006

What is CVE-2006-3159?

The Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 contains a vulnerability allowing local users to exploit symlink attacks. By manipulating the msg.conf file in a directory specified by the CONFIGROOT environment variable, unauthorized access is granted to portions of restricted files. This can lead to sensitive information being revealed through error messages displaying the first line of the accessed file.

References

http://securitytracker.com/id?1016416

vdb-entryx_refsource_SECTRACK

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

http://securitytracker.com/id?1016312

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jun 22, 2006
Vulnerability Reserved
Jun 22, 2006

Oracle

What is CVE-2006-3159?

References

Timeline