Novell Messenger Server Memory Information Disclosure
Medium Nessus Plugin ID 56691
SynopsisThe remote Windows host has an instant messaging product installed that is affected by an information disclosure vulnerability.
DescriptionThe installed version of Novell Messenger Server, formerly known as GroupWise Messenger, is earlier than 2.2.1. It thus is potentially affected by an information disclosure vulnerability whereby a remote, unauthenticated attacker could send commands that would force the Messenger server process to return the contents of arbitrary memory locations. This data could potentially include strings containing the credentials used by Messenger to authenticate to directory services.
SolutionUpgrade to Novell Messenger 2.2.1 or later.