Note: This is an archival copy of Security Sun Alert 201180 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000892.1.
Article ID : 1000892.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-24
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability Involving Webmail



Category
Security

Release Phase
Resolved

Bug Id
5072113

Date of Resolved Release
08-NOV-2004

Impact

A security vulnerability in the web-based e-mail (webmail) component of iPlanet Messaging Server/Sun ONE Messaging Server may allow a remote unprivileged user to gain unauthorized access to a webmail user's e-mail by sending a specially crafted e-mail message.

Sun acknowledges, with thanks, Ramon Pinuaga Cascales of s21sec.com for bringing this issue to our attention.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • iPlanet Messaging Server 5.2 (for Solaris 2.6 and Solaris 8) without patch 5.2hf2.02
  • Sun ONE Messaging Server 6.1 (for Solaris 8 and Solaris 9) without patch 116568-55

x86 Platform

  • Sun ONE Messaging Server 6.1 (for Solaris 9) without patch 116569-55

Linux

  • Sun ONE Messaging Server 6.1 (for RHEL 2.1) without patch 117758-04

Notes:

  1. iPlanet Messaging Server 5.2 is not supported on Solaris 7.
  2. Sun ONE Messaging Server 6.1 is not supported on Solaris 7 or Solaris 8 on the x86 platform.

Symptoms

There are no reliable symptoms that would show the described issue has been exploited.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • iPlanet Messaging Server 5.2 (for Solaris 2.6 and Solaris 8) with patch 5.2hf2.02 or later
  • Sun ONE Messaging Server 6.1 (for Solaris 8 and 9) with patch 116568-55 or later

x86 Platform

  • Sun ONE Messaging Server 6.1 (for Solaris 9) with patch 116569-55 or later

Linux

  • Sun ONE Messaging Server 6.1 (for RHEL 2.1) with patch 117758-05 or later

Note: iPlanet Messaging Server 5.2 patch 5.2hf2.02 is available through normal support channels.
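
To confirm that a Solaris host is at a fixed level, the installed revision of the relevant patch can be compared with the minimum revision listed above. The shell function below is an added example, not part of the original Sun Alert; it assumes patch data in the `Patch: <id>-<rev> ...` layout printed by `showrev -p`, and the function name `patch_status` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): check a Solaris patch revision
# against the minimum revision named in the Resolution section.
#
# patch_status BASE_ID MIN_REV   (reads `showrev -p` style lines on stdin)
#   returns 0: a revision >= MIN_REV is listed
#   returns 1: only older revisions are listed
#   returns 2: no revision of BASE_ID is listed (patch never applied, or the
#              product is not installed on this host; the two look the same)
patch_status() {
    awk -v id="$1" -v min="$2" '
        $1 == "Patch:" {
            n = split($2, part, "-")
            if (n == 2 && part[1] == id) {
                found = 1
                # More than one revision may be listed; keep the highest.
                if (part[2] + 0 > best) best = part[2] + 0
            }
        }
        END {
            if (!found) { printf "%s: not listed\n", id; exit 2 }
            if (best >= min + 0) {
                printf "%s-%02d: at or above -%02d\n", id, best, min
                exit 0
            }
            printf "%s-%02d: below required -%02d\n", id, best, min
            exit 1
        }'
}

# Constructed sample lines (assumed layout; the ID 999999-01 and the
# package names are placeholders, not real host output).
SAMPLE='Patch: 116568-51 Obsoletes:  Requires:  Incompatibles:  Packages: PKG_A
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: PKG_B
Patch: 116568-54 Obsoletes:  Requires:  Incompatibles:  Packages: PKG_A'

# SPARC, Messaging Server 6.1: the advisory requires 116568-55 or later.
printf '%s\n' "$SAMPLE" | patch_status 116568 55 || true
# On a live host: showrev -p | patch_status 116568 55   (116569 on x86)
```

The check covers only the Solaris patch IDs; the iPlanet Messaging Server 5.2 hotfix and the Linux patch are not reported by `showrev -p` and need to be verified separately.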



Modification History

Product
iPlanet Messaging Server 5.2

References

116568-55
116569-55
117758-05




