Novell Messenger Server Memory Information Disclosure

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an instant messaging product installed
that is affected by an information disclosure vulnerability.

Description :

The installed version of Novell Messenger Server, formerly known as
GroupWise Messenger, is earlier than 2.2.1. It thus is potentially
affected by an information disclosure vulnerability whereby a remote,
unauthenticated attacker could send commands that would force the
Messenger server process to return the contents of arbitrary memory
locations. This data could potentially include strings containing the
credentials used by Messenger to authenticate to directory services.

See also :

http://www.novell.com/support/viewContent.do?externalId=7009634

Solution :

Upgrade to Novell Messenger 2.2.1 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 56691 ()

Bugtraq ID: 50433

CVE ID: CVE-2011-3179

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now