Category
Security
Release Phase
Resolved
Bug Id
6180366
Date of Resolved Release15-DEC-2004
Impact
A security vulnerability in iPlanet Messaging Server/Sun ONE Messaging Server may allow a remote unprivileged user the ability to direct a local user's browser (Internet Explorer) to execute javascript to gain unauthorized access by using a specially crafted email message.
Note: This issue only occurs when the client browser is Internet Explorer (IE).
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
-
iPlanet Messaging Server 5.2 (for Solaris 2.6 and Solaris 8) without patch 5.2hf2.02
-
Sun ONE Messaging Server 6.1 (for Solaris 8 and Solaris 9) without patch 116568-56
x86 Platform
-
Sun ONE Messaging Server 6.1 (for Solaris 9) without patch 116569-56
Linux Platform
-
Sun ONE Messaging Server 6.1 (for RHEL 2.1) without patch 117758-05
Notes:
-
iPlanet Messaging Server 5.2 is not supported on Solaris 7.
-
Sun ONE Messaging Server 6.1 is not supported on Solaris 7 or Solaris 8 on the x86 platform.
Symptoms
There are no predictable symptoms that would indicate the described issue has occurred.
Workaround
There is no workaround for this issue. Please see the "Resolution" section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
-
iPlanet Messaging Server 5.2 (for Solaris 2.6 and Solaris 8) with patch 5.2hf2.02 or later
-
Sun ONE Messaging Server 6.1 (for Solaris 8 and 9) with patch 116568-56 or later
x86 Platform
-
Sun ONE Messaging Server 6.1 (for Solaris 9) with patch 116569-56 or later
Linux Platform
-
Sun ONE Messaging Server 6.1 (for RHEL 2.1) with patch 117758-05 or later
Note: iPlanet Messaging Server 5.2 patch 5.2hf2.02 is available to all customers regardless of support contract and can be obtained by contacting Sun Support and Services.
Modification History
ProductiPlanet Messaging Server 5.2
References
116568-56
116569-56
117758-05
AttachmentsThis solution has no attachment