Note: This is an archival copy of Security Sun Alert 201180 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000892.1.
Date of Resolved Release
A security vulnerability in iPlanet Messaging Server/Sun ONE Messaging web-based e-mail may allow a remote unprivileged user the ability to gain unauthorized access to a webmail user's e-mail using a specially crafted e-mail message.
Sun acknowledges, with thanks, Ramon Pinuaga Cascales of s21sec.com for bringing this issue to our attention.
This issue can occur in the following releases:
There are no reliable symptoms that would show the described issue has been exploited.
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following releases:
Note: iPlanet Messaging Server 5.2 patch 5.2hf2.02 is available through normal support channels.
iPlanet Messaging Server 5.2
This solution has no attachment