Novell GroupWise Messenger Accept Language Remote Overflow

Critical Nessus Plugin ID 21243


It is possible to execute code on the remote web server.


The remote host is running Novell Messenger Messaging Agent, an enterprise instant messaging server for Windows, Linux, and Netware.

This version of this service is running an HTTP server which is vulnerable to a stack overflow.

An attacker can exploit this vulnerability to execute code on the remote host.


Upgrade to Groupwise Messenger 2.0.1 beta3 or later.

See Also

Plugin Details

Severity: Critical

ID: 21243

File Name: nmma_overflow.nasl

Version: $Revision: 1.16 $

Type: remote

Published: 2006/04/19

Modified: 2011/11/15

Dependencies: 21242

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:C

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2006/04/13

Vulnerability Publication Date: 2006/04/13

Exploitable With


Core Impact

Metasploit (Novell Messenger Server 2.0 Accept-Language Overflow)

Reference Information

CVE: CVE-2006-0992

BID: 17503

OSVDB: 24617