Security Vulnerability - Novell/GroupWise Messenger Server Memory Disclosure Vulnerability

  • 7009634
  • 25-Oct-2011
  • 26-Apr-2012


Novell Messenger 2.2.0
Novell Messenger 2.1
GroupWise Messenger 2.04 (and earlier)


Novell Messenger (formerly GroupWise Messenger) is vulnerable to an exploit whereby an unauthenticated attacker could send commands that would force the Messenger server process to return the contents of arbitrary memory locations, which could potentially include strings containing the credentials used by Messenger to authenticate to directory services.

This vulnerability was discovered and reported by Luigi Auriemma working with Verisign's iDefense Labs (
Novell bug 712158, CVE-2011-3179


To resolve this issue, upgrade your Messenger system to version 2.2.1 (or higher).

Bug Number