Vulnerability Reported In Sun Java System Messaging Server

Filed in archive Security on July 4, 2006

It has been reported that there is vulnerability in the Sun Java System Messaging Server/iPLanet messaging Server which could be exploited by malicious, local users in order to gain knowledge of potentially sensitive information.

The issue can result in the following releases:

• SPARC Platform

iPlanet Messaging Server 5.2 (for Solaris 8 and 9)

Sun Java System Messaging Server 6.0, 6.1, and 6.2 (for Solaris 8, 9, and 10)

• x86 Platform

Sun Java System Messaging Server 6.0, 6.1, and 6.2 (for Solaris 9 and 10)

• Linux Platform

Sun Java Messaging Server 6.0, 6.1, and 6.2 (for RHEL 2.1 and 3.0)

In order to decide on the version of iPlanet Messaging Server on a system, one needs to run the % cat /etc/msgregistry.inf command. A list of instances and installs would be displayed if the file exists. In order to decide on the version of Sun Java Messaging Server on a system, one needs to run the % /opt/SUNWmsgsr/sbin/imsimta version command. The cause of the vulnerability was an unspecified error and Sun has recommended restricting shell account access on the mail server to trusted users only as workaround.