Novell GroupWise Messenger Discloses Arbitrary Memory Contents to Remote Users
|
|
SecurityTracker Alert ID: 1026257 |
|
SecurityTracker URL: http://securitytracker.com/id/1026257
|
|
CVE Reference:
CVE-2011-3179
(Links to External Site)
|
Date: Oct 31 2011
|
Impact:
Disclosure of authentication information, Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2.04, 2.1, 2.2.0; and prior versions
|
Description:
A vulnerability was reported in Novell GroupWise Messenger. A remote user can obtain portions of system memory.
A remote user can send commands to cause the target Messenger server process to return arbitrary memory location contents. This may include the Messenger directory services authentication credentials.
Luigi Auriemma reported this vulnerability via Verisign's iDefense Labs.
|
Impact:
A remote user can obtain portions of system memory.
|
Solution:
The vendor has issued a fix.
The vendor's advisory is available at:
http://www.novell.com/support/viewContent.do?externalId=7009634
|
Vendor URL: www.novell.com/support/viewContent.do?externalId=7009634 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 31 Oct 2011 18:31:18 +0000
Subject: Novell GroupWise Messenger / Novell Messenger
|
http://www.novell.com/support/viewContent.do?externalId=7009634
|
|
