Novell Messenger Server Process Memory Remote Information Disclosure

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has an instant messaging product running that is
affected by an information disclosure vulnerability.

Description :

The running version of Novell Messenger Server, formerly known as
GroupWise Messenger, is earlier than 2.2.1. As such, it is
potentially affected by an information disclosure vulnerability
whereby a remote, unauthenticated attacker could send commands that
would force the Messenger server process to return the contents of
arbitrary memory locations. This data could potentially include
strings containing the credentials used by Messenger to authenticate
to directory services.

See also :

http://www.novell.com/support/viewContent.do?externalId=7009634

Solution :

Upgrade to Novell Messenger 2.2.1 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 56812 ()

Bugtraq ID: 50443

CVE ID: CVE-2011-3179

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial