Computer vulnerabilities of Sun ONE Messaging Server

computer vulnerability bulletin CVE-2011-0411 CVE-2011-1430 CVE-2011-1431

Exim, Postfix, Qmail-TLS: command injection with STARTTLS

Synthesis of the vulnerability

Even when the SMTP client checks the TLS certificate of the messaging server, an attacker can inject commands in the session.
Impacted products: Debian, Exim, Fedora, Mandriva Linux, NetBSD, openSUSE, Postfix, RHEL, Sun Messaging, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data flow.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 08/03/2011.
Revision date: 23/05/2011.
Identifiers: BID-46767, CERTA-2011-AVI-146, CERTA-2011-AVI-177, cpuapr2011, CVE-2011-0411, CVE-2011-1430, CVE-2011-1431, CVE-2011-1432, DSA-2233-1, FEDORA-2011-3355, FEDORA-2011-3394, FEDORA-2011-6771, FEDORA-2011-6777, MDVSA-2011:045, openSUSE-SU-2011:0389-1, RHSA-2011:0422-01, RHSA-2011:0423-01, SUSE-SR:2011:008, SUSE-SR:2011:009, SUSE-SR:2011:010, SUSE-SU-2011:0520-1, VIGILANCE-VUL-10428, VU#555316.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle between an SMTP client and its server, in order to inject SMTP commands. Clients which use TLS detect this attack when they check the signature with the TLS certificate provided by the server.

When the SMTP protocol is encapsulated in a TLS session (RFC 3207), the client starts the SMTP session in clear text, then sends the STARTTLS command, which starts a TLS tunnel, where the SMTP session restarts.

However, if an attacker sends an SMTP command after the STARTTLS command, it stays in the receive buffer of the SMTP session. When the session restarts inside the TLS tunnel, the attacker's command is thus the first to be interpreted. This error occurs because the receive buffer is not emptied before the SMTP session restarts.

Even when the SMTP client checks the TLS certificate of the messaging server, an attacker can therefore inject commands in the session.

This vulnerability is a variant of VIGILANCE-VUL-10463, VIGILANCE-VUL-10513 and VIGILANCE-VUL-11880.
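
The buffering error described above can be modelled in a few lines. This is an added example, not code from the bulletin or from any of the affected mail servers: `run_session`, `pop_line` and the sample traffic are hypothetical names and constructed data, and the TLS handshake itself is not modelled.

```python
def pop_line(buf: bytearray):
    """Remove and return one CRLF-terminated line from buf, or None if incomplete."""
    end = buf.find(b"\r\n")
    if end < 0:
        return None
    line = bytes(buf[:end])
    del buf[:end + 2]
    return line


def run_session(plaintext_segment: bytes, tls_payload: bytes, flush_on_starttls: bool):
    """Model a server's receive buffer across STARTTLS.

    Returns (trusted, discarded): the commands interpreted as TLS-protected,
    and the plaintext bytes dropped at the switch.
    """
    buf = bytearray(plaintext_segment)      # one read() can hold several lines
    while (line := pop_line(buf)) is not None:
        if line.upper() == b"STARTTLS":
            break
    else:
        return [], b""                      # client never requested TLS

    discarded = b""
    if flush_on_starttls:
        # Fix: nothing received before the handshake may survive it.
        discarded = bytes(buf)
        buf.clear()

    # Handshake not modelled; decrypted bytes are appended to the same buffer.
    buf += tls_payload
    trusted = []
    while (line := pop_line(buf)) is not None:
        trusted.append(line.decode("ascii"))
    return trusted, discarded


# Constructed sample traffic (not from the bulletin).
PLAINTEXT = b"EHLO client.example\r\nSTARTTLS\r\nNOOP sent-before-handshake\r\n"
TLS_DATA = b"EHLO client.example\r\nMAIL FROM:<alice@client.example>\r\n"

if __name__ == "__main__":
    for flush in (False, True):
        trusted, discarded = run_session(PLAINTEXT, TLS_DATA, flush)
        print("flush" if flush else "no flush", trusted, discarded)
```

A non-empty `discarded` value is also worth logging, since a well-behaved client waits for the server's reply to STARTTLS before sending more data.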

computer vulnerability alert CVE-2010-3564 CVE-2010-3575

Oracle Communications Messaging Server: several vulnerabilities of October 2010

Synthesis of the vulnerability

Several vulnerabilities of Oracle Communications Messaging Server (Sun Java System Messaging Server) are corrected by the CPU of October 2010.
Impacted products: Oracle Communications, Sun Messaging.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/10/2010.
Identifiers: BID-43947, BID-43963, CVE-2010-3564, CVE-2010-3575, VIGILANCE-VUL-10036.

Description of the vulnerability

The CPU (Critical Patch Update) of October 2010 corrects several vulnerabilities of Oracle Communications Messaging Server (Sun Java System Messaging Server).

An attacker can use a vulnerability of Webmail, in order to obtain or to alter information. [severity:3/4; BID-43963, CVE-2010-3564]

An attacker can use a vulnerability of Webmail, in order to obtain or to alter information. [severity:3/4; BID-43947, CVE-2010-3575]

vulnerability note CVE-2008-5098

Sun Java System Messaging: Cross Site Scripting of Webmail

Synthesis of the vulnerability

An attacker can execute JavaScript code in the browser of a user, by using a malicious email.
Impacted products: Sun Messaging.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 13/11/2008.
Identifiers: 242186, 6683220, BID-32285, CVE-2008-5098, VIGILANCE-VUL-8244.

Description of the vulnerability

The Webmail service can be activated on Sun Java System Messaging Server in order to provide web access to mailboxes.

When a user opens a malicious email, some scripts contained in this email are executed.

An attacker can therefore execute JavaScript code in the user's browser.

computer vulnerability alert CVE-2006-5653 CVE-2007-2904

Sun Java System Messaging: Cross Site Scripting of errorHTML

Synthesis of the vulnerability

An attacker may execute JavaScript code in the browser of a user, by using a malicious email.
Impacted products: Sun Messaging.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 24/05/2007.
Identifiers: 102909, 6509577, BID-20832, CVE-2006-5653, CVE-2007-2904, VIGILANCE-VUL-6836.

Description of the vulnerability

The Webmail service can be activated on Sun Java System Messaging Server in order to provide web access to mailboxes.

The errorHTML() function of the script indexing the root directory does not correctly filter the "error" parameter. Data from this parameter are thus displayed on the website.

An attacker may therefore send an email in order to execute JavaScript code in the user's browser.

computer vulnerability bulletin CVE-2006-5486

Sun Java System Messaging: Cross Site Scripting of Webmail

Synthesis of the vulnerability

An attacker can execute Javascript code in the browser of a user, by using a malicious email.
Impacted products: Sun Messaging.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 25/10/2006.
Identifiers: 102497, 6441335, BID-20718, CVE-2006-5486, VIGILANCE-VUL-6248.

Description of the vulnerability

The Webmail service can be activated on Sun Java System (iPlanet) Messaging Server in order to provide web access to mailboxes.

When a user opens a malicious email, some scripts contained in this email are executed.

An attacker can therefore execute JavaScript code in the user's browser.

vulnerability CVE-2006-4339 CVE-2006-4340 CVE-2006-4790

OpenSSL / GnuTLS / NSS: bypassing a PKCS#1 signature check

Synthesis of the vulnerability

An attacker can create a malicious PKCS #1 signature which will be accepted as valid by OpenSSL, GnuTLS or NSS.
Impacted products: CiscoWorks, Cisco CSS, Cisco IPS, Cisco Prime Central for HCS, Secure ACS, WebNS, Debian, Fedora, FreeBSD, Tru64 UNIX, HP-UX, BIND, Mandriva Linux, Mandriva NF, NetBSD, OpenSSL, openSUSE, Oracle Directory Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Java Oracle, Solaris, Trusted Solaris, RHEL, Slackware, Sun AS, Sun Messaging, ASE, InterScan VirusWall, TurboLinux.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 05/09/2006.
Revision dates: 07/09/2006, 14/09/2006, 15/09/2006.
Identifiers: 102622, 102648, 102686, 102696, 102722, 102744, 102759, 102781, 102970, 10332, 20060901-01-P, 200708, 201255, 6378707, 6466389, 6467218, 6469236, 6469538, 6472033, 6473089, 6473494, 6488248, 6499438, 6567841, 6568090, BID-19849, c00794048, c00849540, c00967144, cisco-sr-20061108-openssl, CSCek57074, CSCsg09619, CSCsg24311, CSCsg58599, CSCsg58607, CSCtx20378, CVE-2006-4339, CVE-2006-4340, CVE-2006-4790, DSA-1173-1, DSA-1174-1, DSA-1182-1, emr_na-c01070495-1, FEDORA-2006-953, FEDORA-2006-974, FEDORA-2006-979, FreeBSD-SA-06:19.openssl, HPSBTU02207, HPSBUX02165, HPSBUX02186, HPSBUX02219, MDKSA-2006:161, MDKSA-2006:166, MDKSA-2006:207, NetBSD-SA2006-023, RHSA-2006:0661, RHSA-2006:0680-01, RHSA-2008:0264-01, RHSA-2008:0525-01, RT #16460, secadv_20060905, SSA:2006-310-01, SSRT061213, SSRT061239, SSRT061266, SSRT061273, SSRT071299, SSRT071304, SUSE-SA:2006:055, SUSE-SA:2006:061, SUSE-SR:2006:023, SUSE-SR:2006:026, TLSA-2006-29, VIGILANCE-VUL-6140, VU#845620.

Description of the vulnerability

The RSA Algorithm uses the following principle:
  Cipher = Message^e (mod n)
  Cipher^d (mod n) = Message
With:
 - n is the product of two big prime numbers
 - e is the public exponent, generally 3, 17 or 65537

The PKCS #1 standard defines the features and usage of the RSA algorithm.

The crypto/rsa/rsa_sign.c file contains the RSA_verify() function. This function does not correctly manage long paddings. When the public exponent is small (3, or 17 if the modulus uses 4096 bits), this error leads to validation of invalid signatures.

This vulnerability permits an attacker to create a malicious PKCS #1 signature which will be accepted as valid by OpenSSL, GnuTLS or NSS.

computer vulnerability bulletin CVE-2006-3159

iPlanet Messaging Server: file reading with pipe_master

Synthesis of the vulnerability

A local attacker can use pipe_master to read the first line of read-protected files.
Impacted products: Sun Messaging.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 15/06/2006.
Identifiers: 102496, 6441337, CVE-2006-3159, VIGILANCE-VUL-5928.

Description of the vulnerability

The iPlanet Messaging Server installs several suid root programs. Some of these programs, such as pipe_master, use $CONFIGROOT/msg.conf as their configuration file.

However, pipe_master does not check for symlinks. A local attacker can therefore create a symlink named msg.conf pointing to a system file. The first line of this file is displayed in an error message of pipe_master.

This vulnerability therefore permits a local attacker to read a read-protected file.

vulnerability bulletin CVE-2005-2022

Sun ONE Messaging: Cross Site Scripting of Webmail

Synthesis of the vulnerability

An attacker can execute JavaScript code in the browser of a user, by using a malicious email.
Impacted products: Sun Messaging.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 20/06/2005.
Identifiers: 101770, 6284060, BID-13988, BID-9998, CVE-2005-2022, V6-IPLANETIEWEBMAILXSS, VIGILANCE-VUL-5023.

Description of the vulnerability

The Webmail service can be activated on Sun ONE Messaging Server so that remote users can read their mailboxes through a web browser.

When a user opens a specially formatted email with Internet Explorer, some scripts contained in the email are executed.

An attacker can therefore execute JavaScript code in a user's browser.

computer vulnerability bulletin 4568

Cross Site Scripting of Webmail

Synthesis of the vulnerability

The Webmail service of iPlanet/SunONE/SunJava Messaging Server is vulnerable to a Cross Site Scripting attack.
Impacted products: Solaris, Trusted Solaris, RHEL, Sun Messaging.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: document.
Creation date: 16/12/2004.
Identifiers: BID-11972, Sun Alert 57691, Sun Alert ID 57691, V6-IPLANETWEBMAILJSCRIPT, VIGILANCE-VUL-4568.

Description of the vulnerability

The Webmail service can be activated on Sun Java System Messaging Server so that remote users can read their mailboxes through a web browser.

When a user opens a specially formatted email with Internet Explorer, some scripts contained in the email are executed.

An attacker can therefore create an email in order to execute code and obtain unauthorized access to the server.

vulnerability 3540

Cross Site Scripting of Webmail

Synthesis of the vulnerability

The Webmail service of iPlanet/SunONE/SunJava Messaging Server is vulnerable to a Cross Site Scripting attack.
Impacted products: Sun Messaging.
Severity: 2/4.
Consequences: client access/rights, data creation/edition.
Provenance: document.
Creation date: 28/05/2003.
Revision date: 09/11/2004.
Identifiers: BID-11636, BID-7704, Sun Alert 57665, Sun Alert ID 57665, V6-IPLANETMSWEBMAILXSS, VIGILANCE-VUL-3540.

Description of the vulnerability

The Webmail service can be activated on Sun Java System Messaging Server so that remote users can read their mailboxes through a web browser.

When an email contains an attachment, the user can click on its icon to view it. However, some scripts contained in the attachment are executed directly, without being checked first.

An attacker can therefore create an email whose attachment contains a script that copies the session identifier. As this script is executed in the context of the Webmail service, it is allowed to obtain this identifier.

This vulnerability thus allows a remote attacker to access users' mailboxes.