Environment
Novell Messenger 2.2.0
Novell Messenger 2.1
GroupWise Messenger 2.04 (and earlier)
Situation
Novell Messenger (formerly GroupWise Messenger) is vulnerable to an exploit whereby an unauthenticated attacker could send commands that would force the Messenger server process to return the contents of arbitrary memory locations, which could potentially include strings containing the credentials used by Messenger to authenticate to directory services.
This vulnerability was discovered and reported by Luigi Auriemma working with Verisign's iDefense Labs (http://www.idefense.com)
Novell bug 712158, CVE-2011-3179
Resolution
To resolve this issue, upgrade your Messenger system to version 2.2.1 (or higher).
Bug Number
712158