Note: This is an archival copy of Security Sun Alert 200416 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000301.1.
Sun Java System Messaging Server 6.0
iPlanet Messaging Server 5.2
Date of Resolved Release
Sun acknowledges, with thanks, Seth Hall of Ohio State University, for bringing this issue to our attention.
This issue can occur in the following releases:
To determine if Sun Java System Messaging Server is installed on a system, the following command can be run:
% pkginfo SUNWmsgco application SUNWmsgco Sun Java System Messaging Server Core Libraries
To determine the version of iPlanet Messaging Server on a system, the following command can be run:
$ cat /etc/msgregistry.inf
A list of instances and installs will displayed (if any) if this file exists.
To determine the version of Sun Java Messaging Server on a system, the following command can be run:
$ /opt/SUNWmsgsr/sbin/imsimta version
There are no predictable symptoms that would indicate the described vulnerability has been exploited.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Note: iPlanet Messaging Server 5.2 patch 5.2hf2.13 is available to all customers through normal support channels regardless of support contract.
This solution has no attachment