Vulnerability Name:

CVE-2006-3159 (CCN-27220)

Assigned: 2006-06-14
Published: 2006-06-14
Updated: 2017-07-20
Summary: pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
2.6 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: File Manipulation
References:
Source: MITRE
Type: CNA
CVE-2006-3159

Source: FULLDISC
Type: UNKNOWN
20060614 Sun iPlanet Messaging Server 5.2 root password compromise

Source: CCN
Type: Full-Disclosure Mailing List, 2006-06-17 20:24:25
Sun iPlanet Messaging Server 5.2 root password compromise

Source: CCN
Type: SA20919
Sun Java System Messaging Server Arbitrary File Disclosure

Source: SECUNIA
Type: UNKNOWN
20919

Source: CCN
Type: SECTRACK ID: 1016312
Sun ONE/iPlanet Messaging Server `msg.conf` Symlink Flaw Lets Local Users View Files

Source: SECTRACK
Type: UNKNOWN
1016312

Source: CCN
Type: SECTRACK ID: 1016416
[Duplicate Entry] Sun Java System Messaging Server May Disclose Portions of Files to Local Users

Source: SECTRACK
Type: UNKNOWN
1016416

Source: CCN
Type: Sun Alert ID: 102496
Security Vulnerability May Allow a Local Unprivileged User to Partially Read Arbitrary Files

Source: SUNALERT
Type: UNKNOWN
102496

Source: BID
Type: UNKNOWN
18749

Source: CCN
Type: BID-18749
iPlanet/Sun Java Messaging Server Local Information Disclosure Vulnerability

Source: CCN
Type: Sun ONE Messaging Server Web site
Collaboration & Communication

Source: CCN
Type: Sun Java System Messaging Server Web site
Sun Java System Messaging Server

Source: VUPEN
Type: UNKNOWN
ADV-2006-2633

Source: XF
Type: UNKNOWN
iplanet-msgconf-symlink(27220)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:sun:iplanet_messaging_server:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:one_messaging_server:5.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:sun:java_system_messaging_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_messaging_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_messaging_server:6.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:2.6::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::64bit:*:*:*:*:*

  • * Denotes that component is vulnerable
    sun iplanet messaging server 5.2
    sun one messaging server 5.2
    sun java system messaging server 6.0
    sun java system messaging server 6.1
    sun java system messaging server 6.2
    sun solaris 2.6
    sun solaris 8
    sun solaris 9
    sun solaris 10