[VIM] Sun confirms SUNALERT:102496 link to CVE-2006-3159
Steven M. Christey
coley at mitre.org
Mon Jul 3 16:20:51 EDT 2006
We just received e-mail confirmation from Sun that their
SUNALERT:102496 is in fact related to the Full-Disclosure post from a
couple weeks back (CVE-2006-3159). The details in the alert were a
little vague albeit fairly similar, but the lack of cross-references
made things too uncertain by CVE's standards.

Reference: FULLDISC:20060614 Sun iPlanet Messaging Server 5.2 root password compromise

pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built
May 14 2003) allows local users to read portions of restricted files
via a symlink attack on msg.conf in a directory identified by the
CONFIGROOT environment variable, which returns the first line of the
file in an error message.
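
Added example, not part of the original post and not Sun's code: one way a privileged helper can avoid the bug class in the CVE description above, by refusing a symlinked or untrusted config file and by reporting parse errors without echoing file contents. The path `TRUSTED_CONF` and the functions `open_trusted_conf` and `check_conf` are hypothetical names, and the `key = value` syntax check is an assumption made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical compiled-in path: a privileged helper passes this to
 * open_trusted_conf() instead of a directory named by the environment. */
#define TRUSTED_CONF "/etc/example-msg/msg.conf"

/* Returns an fd, or -1 with errno = ELOOP (Linux) when the final component
 * is a symlink, or EPERM when the file is not a regular file owned by the
 * effective uid or is group/other-writable. Parent dirs must be trusted. */
int open_trusted_conf(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Requires '=' on every non-comment line. On failure err holds the line
 * number only, never the line's text. Takes ownership of fd. */
int check_conf(int fd, char *err, size_t errlen)
{
    FILE *fp = fdopen(fd, "r");
    char *line = NULL;
    size_t cap = 0;
    int n = 0, rc = 0;
    if (!fp) { close(fd); return -1; }
    while (rc == 0 && getline(&line, &cap, fp) != -1) {
        n++;
        if (line[0] != '#' && line[0] != '\n' && !strchr(line, '=')) {
            snprintf(err, errlen, "msg.conf: syntax error on line %d", n);
            rc = -1;
        }
    }
    free(line);
    fclose(fp);
    return rc;
}
```

`O_NOFOLLOW` only covers the last path component, which is why the directory itself has to come from a fixed, owner-only location and not from a caller-supplied variable.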