Vulnerability Name:

CCN-1569

Published:1998-12-25
Updated:1998-12-25
Summary:SIMS (Sun Internet Mail Server), packaged with SDS (Sun LDAP Server), could allow an attacker to obtain sensitive information. The log file created by the slapd daemon is world readable (and writable) and contains the username and passwords of users connecting to IMAP to read their email. This information is therefore available to anyone with a local account on the server system.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Fri 25 Dec 1998 19:51:56 PST
Vulnerability

Source: XF
Type: UNKNOWN
sims-slapd-logfiles(1569)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:sun:solaris:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sun solaris *