CVE-2006-3159
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.
pipe_master de Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) permite a usuarios locales leer partes de archivos restringidos a través de un ataque "symlink" (de enlace simbólicio) en msg.conf en un directorio identificado por la variable de entorno CONFIGROOT, lo que devuelve la primera línea del fichero en un mensaje de error.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-06-22 CVE Reserved
- 2006-06-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046920.html | Mailing List | |
| http://secunia.com/advisories/20919 | Third Party Advisory | |
| http://securitytracker.com/id?1016312 | Vdb Entry | |
| http://securitytracker.com/id?1016416 | Vdb Entry | |
| http://www.securityfocus.com/bid/18749 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2006/2633 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27220 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-102496-1 | 2017-07-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sun Search vendor "Sun" | Iplanet Messaging Server Search vendor "Sun" for product "Iplanet Messaging Server" | 5.2 Search vendor "Sun" for product "Iplanet Messaging Server" and version "5.2" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | One Messaging Server Search vendor "Sun" for product "One Messaging Server" | 5.2 Search vendor "Sun" for product "One Messaging Server" and version "5.2" | - |
Affected
| ||||||