Novell Messenger Server Process Memory Remote Information Disclosure

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.


Synopsis :

The remote host has an instant messaging product running that is
affected by an information disclosure vulnerability.

Description :

The running version of Novell Messenger Server, formerly known as
GroupWise Messenger, is earlier than 2.2.1. As such, it is
potentially affected by an information disclosure vulnerability
whereby a remote, unauthenticated attacker could send commands that
would force the Messenger server process to return the contents of
arbitrary memory locations. This data could potentially include
strings containing the credentials used by Messenger to authenticate
to directory services.

See also :

http://www.novell.com/support/viewContent.do?externalId=7009634

Solution :

Upgrade to Novell Messenger 2.2.1 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 56812 ()

Bugtraq ID: 50443

CVE ID: CVE-2011-3179