Security Vulnerability - Novell/GroupWise Messenger Server Memory Disclosure Vulnerability

  • 7009634
  • 25-Oct-2011
  • 26-Apr-2012

Environment

Novell Messenger 2.2.0
Novell Messenger 2.1
GroupWise Messenger 2.04 (and earlier)

Situation

Novell Messenger (formerly GroupWise Messenger) is vulnerable to an exploit whereby an unauthenticated attacker could send commands that would force the Messenger server process to return the contents of arbitrary memory locations, which could potentially include strings containing the credentials used by Messenger to authenticate to directory services.

This vulnerability was discovered and reported by Luigi Auriemma working with Verisign's iDefense Labs (http://www.idefense.com)
 
Novell bug 712158, CVE-2011-3179

Resolution

To resolve this issue, upgrade your Messenger system to version 2.2.1 (or higher).

Bug Number

712158