Vulnerability Reported In Sun Java System Messaging Server
It has been reported that there is vulnerability in the Sun Java System Messaging Server/iPLanet messaging Server which could be exploited by malicious, local users in order to gain knowledge of potentially sensitive information.
The issue can result in the following releases:
• SPARC Platform
iPlanet Messaging Server 5.2 (for Solaris 8 and 9)
Sun Java System Messaging Server 6.0, 6.1, and 6.2 (for Solaris 8, 9, and 10)
• x86 Platform
Sun Java System Messaging Server 6.0, 6.1, and 6.2 (for Solaris 9 and 10)
• Linux Platform
Sun Java Messaging Server 6.0, 6.1, and 6.2 (for RHEL 2.1 and 3.0)
In order to decide on the version of iPlanet Messaging Server on a system, one needs to run the % cat /etc/msgregistry.inf command. A list of instances and installs would be displayed if the file exists. In order to decide on the version of Sun Java Messaging Server on a system, one needs to run the % /opt/SUNWmsgsr/sbin/imsimta version command. The cause of the vulnerability was an unspecified error and Sun has recommended restricting shell account access on the mail server to trusted users only as workaround.