Vulnerability Details CVE-2006-3159
pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.5%
CVSS Severity
CVSS v2 Score 2.1
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046920.html
- http://secunia.com/advisories/20919
- http://securitytracker.com/id?1016312
- http://securitytracker.com/id?1016416
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1
- http://www.securityfocus.com/bid/18749
- http://www.vupen.com/english/advisories/2006/2633
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27220
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046920.html
- http://secunia.com/advisories/20919
- http://securitytracker.com/id?1016312
- http://securitytracker.com/id?1016416
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1
- http://www.securityfocus.com/bid/18749
- http://www.vupen.com/english/advisories/2006/2633
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27220
Products affected by CVE-2006-3159
-
cpe:2.3:a:sun:iplanet_messaging_server:5.2
-
cpe:2.3:a:sun:one_messaging_server:5.2