Novell Messenger Server Memory Information Disclosure

Medium Nessus Plugin ID 56691


The remote Windows host has an instant messaging product installed that is affected by an information disclosure vulnerability.


The installed version of Novell Messenger Server, formerly known as GroupWise Messenger, is earlier than 2.2.1. It thus is potentially affected by an information disclosure vulnerability whereby a remote, unauthenticated attacker could send commands that would force the Messenger server process to return the contents of arbitrary memory locations. This data could potentially include strings containing the credentials used by Messenger to authenticate to directory services.


Upgrade to Novell Messenger 2.2.1 or later.

See Also

Plugin Details

Severity: Medium

ID: 56691

File Name: novell_messenger_memory_disclosure.nasl

Version: $Revision: 1.4 $

Type: local

Agent: windows

Family: Windows

Published: 2011/11/02

Modified: 2015/01/12

Dependencies: 13855, 10456

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:novell:groupwise_messenger

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/10/25

Vulnerability Publication Date: 2011/10/25

Reference Information

CVE: CVE-2011-3179

BID: 50433

OSVDB: 76729