CVE-2006-3159

Currently unrated

Key Information:

Vendor
Oracle
Status
Iplanet Messaging Server
One Messaging Server
Vendor
CVE Published:
22 June 2006

Summary

pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.

References

http://securitytracker.com/id?1016416
vdb-entryx_refsource_SECTRACK
http://sunsolve.sun.com/search/document.do?assetkey=1-26-...
vendor-advisoryx_refsource_SUNALERT
http://securitytracker.com/id?1016312
vdb-entryx_refsource_SECTRACK

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.