It has been reported that there is vulnerability in the Sun Java System Messaging Server/iPLanet messaging Server which could be exploited by malicious, local users in order to gain knowledge of potentially sensitive information.

The issue can result in the following releases:

• SPARC Platform

iPlanet Messaging Server 5.2 (for Solaris 8 and 9)

Sun Java System Messaging Server 6.0, 6.1, and 6.2 (for Solaris 8, 9, and 10)

• x86 Platform

Sun Java System Messaging Server 6.0, 6.1, and 6.2 (for Solaris 9 and 10)

• Linux Platform

Sun Java Messaging Server 6.0, 6.1, and 6.2 (for RHEL 2.1 and 3.0)

In order to decide on the version of iPlanet Messaging Server on a system, one needs to run the % cat /etc/msgregistry.inf command. A list of instances and installs would be displayed if the file exists. In order to decide on the version of Sun Java Messaging Server on a system, one needs to run the % /opt/SUNWmsgsr/sbin/imsimta version command. The cause of the vulnerability was an unspecified error and Sun has recommended restricting shell account access on the mail server to trusted users only as workaround.