nessus | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. | NOVELL_MESSENGER_MEMORY_DISCLOSURE.NASL
HistoryNov 02, 2011 - 12:00 a.m.

Novell Messenger Server Memory Information Disclosure

2011-11-02 00:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
8

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.388 Low

EPSS

Percentile

97.3%

The installed version of Novell Messenger Server, formerly known as GroupWise Messenger, is earlier than 2.2.1. It is therefore potentially affected by an information disclosure vulnerability in which a remote, unauthenticated attacker could send commands that force the Messenger server process to return the contents of arbitrary memory locations. This data could potentially include strings containing the credentials that Messenger uses to authenticate to directory services.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

# Registration block: executed only when the `description` flag is set. It
# declares the plugin's identifiers, report text, risk metadata and
# prerequisites, then exits before any of the check logic further down runs.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(56691);
  script_version("1.6");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  # External references for the issue this plugin reports.
  script_cve_id("CVE-2011-3179");
  script_bugtraq_id(50433);

  script_name(english:"Novell Messenger Server Memory Information Disclosure");
  script_summary(english:"Checks version of Novell Messenger");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an instant messaging product installed
that is affected by an information disclosure vulnerability.");
  script_set_attribute(attribute:"description", value:
"The installed version of Novell Messenger Server, formerly known as
GroupWise Messenger, is earlier than 2.2.1. It thus is potentially
affected by an information disclosure vulnerability whereby a remote,
unauthenticated attacker could send commands that would force the
Messenger server process to return the contents of arbitrary memory
locations. This data could potentially include strings containing the
credentials used by Messenger to authenticate to directory services.");

  script_set_attribute(attribute:"see_also", value:"https://support.microfocus.com/kb/doc.php?id=7009634");
  script_set_attribute(attribute:"solution", value:"Upgrade to Novell Messenger 2.2.1 or later.");
 # CVSS v2 base vector: network-reachable, low complexity, no authentication,
 # partial confidentiality impact, no integrity or availability impact.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 # CVSS v2 temporal vector: exploitability unproven (E:U), official fix
 # available (RL:OF), report confirmed (RC:C).
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/10/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/10/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/02");

  # "local": the check body reads the registry and a file over SMB using the
  # scan's credentials; it does not send anything to the Messenger service
  # itself, so a finding is based on the installed file version only.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:novell:groupwise_messenger");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  # Prerequisites: the named plugins must be scheduled first, the registry
  # enumeration KB key must exist, and one of the SMB ports must be listed.
  script_dependencies("smb_enum_services.nasl", "smb_hotfixes.nasl");
  script_require_keys("SMB/Registry/Enumerated");
  script_require_ports(139, 445);

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('smb_func.inc');

# Service gate: skipped only when report_paranoia is 2 or higher. Otherwise
# the KB entry for the nnmMessagingAgent service must be present
# (get_kb_item_or_exit presumably ends the plugin when it is missing) and
# must report the service as active; an installed-but-stopped service is
# not reported.
if (report_paranoia < 2)
{
  svc_state = get_kb_item_or_exit('SMB/svc/nnmMessagingAgent');
  if (svc_state != SERVICE_ACTIVE)
  {
    exit(0, 'The Novell Messaging Agent Service is installed but not active.');
  }
}

# SMB connection parameters for the target, presumably taken from the scan's
# knowledge base. `port` is reused later as the port the finding is reported
# against. `pass` holds the scan credential and is only ever handed to
# NetUseAdd; it is not placed in any report or exit message in this script.
login  = kb_smb_login();
pass   = kb_smb_password();
domain = kb_smb_domain();
port   = kb_smb_transport();

# Abort with a function-failure audit if the SMB session cannot be set up.
if(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');

# Connect to IPC$ first; the remote registry calls below go through it.
rc = NetUseAdd(login:login, password:pass, domain:domain, share:'IPC$');
if (rc != 1)
{
  # Tear the connection down before leaving so nothing is left open.
  NetUseDel();
  audit(AUDIT_SHARE_FAIL,"IPC$");
}

# Open the remote HKEY_LOCAL_MACHINE hive; a NULL handle means the remote
# registry could not be reached with these credentials.
hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if (isnull(hklm))
{
  NetUseDel();
  audit(AUDIT_REG_FAIL);
}

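# Locate the Messenger install by reading the 'Pathname' value under the
# MessagingAgent CurrentVersion key. `path` stays NULL when the key or the
# value is absent, which is treated as "product not installed".
path = NULL;
key = 'SOFTWARE\\NOVELL\\Messenger\\MessagingAgent\\CurrentVersion';
key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
if (!isnull(key_h))
{
  item = RegQueryValue(handle:key_h, item:'Pathname');
  # RegQueryValue's result is indexed here at [1] for the value data.
  if (!isnull(item)) path = item[1];

  # Close the key handle on every path. Previously it was closed only when
  # 'Pathname' existed, leaking the handle when the key was present but the
  # value was not.
  RegCloseKey(handle:key_h);
}
RegCloseKey(handle:hklm);

if (isnull(path))
{
  NetUseDel();
  exit(0, 'Novell Messenger Server wasn\'t detected on the remote host.');
}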

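# 'Pathname' was read from the scanned host's registry, so it is data the
# target controls. Only continue when it has the expected
# "<drive>:\<dir>\<name>.dll" shape; otherwise the substitutions below would
# presumably leave the string unchanged and the plugin would go on to build a
# share name and file path from an unvalidated value. The '.' before "dll" is
# now escaped so it matches a literal dot rather than any character.
if (!ereg(pattern:'^[A-Za-z]:.*\\\\[A-Za-z]+\\.dll', string:path))
{
  NetUseDel();
  exit(1, 'The Novell Messenger Server install path read from the registry has an unexpected format.');
}

# Drive letter -> administrative share name (e.g. "C$"); the remainder of the
# path, minus the trailing DLL file name, is the install directory.
share = ereg_replace(pattern:'^([A-Za-z]):.*', replace:'\\1$', string:path);
path = ereg_replace(pattern:'^[A-Za-z]:(.*)\\\\[A-Za-z]+\\.dll', replace:'\\1', string:path);
exe = path + '\\nmma.exe';

# Drop IPC$ (close:FALSE presumably keeps the underlying session open, since
# no new session is initialised below) and connect to the drive share.
NetUseDel(close:FALSE);
rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);
if (rc != 1)
{
  NetUseDel();
  audit(AUDIT_SHARE_FAIL,share);
}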

# Open nmma.exe on the connected share. The access mask is read-only and the
# disposition is OPEN_EXISTING, so the file is never created or modified.
fh = CreateFile(
  file:exe,
  desired_access:GENERIC_READ,
  file_attributes:FILE_ATTRIBUTE_NORMAL,
  share_mode:FILE_SHARE_READ,
  create_disposition:OPEN_EXISTING
);

if (isnull(fh))
{
  NetUseDel();
  # Note: this message shows the directory without the drive letter, unlike
  # the version-failure message further down.
  exit(1, 'Couldn\'t open file \''+path+'\\nmma.exe\'.');
}

# Read the file's version resource, then release the file handle and the
# share connection before evaluating the result; nothing below needs SMB.
ver = GetFileVersion(handle:fh);
CloseFile(handle:fh);
NetUseDel();

# (share-'$') removes the '$' from the share name to recover the drive letter
# for display.
if (isnull(ver)) exit(1, "Couldn't get file version of '"+(share-'$')+":"+exe+"'.");

# Display string built from the first three components of the file version.
version = ver[0] + '.' + ver[1] + '.' + ver[2];

# The finding rests solely on nmma.exe's file version being below 2.2.1.0;
# the memory disclosure itself is never exercised against the service.
# NOTE(review): `ver` is passed as returned by GetFileVersion (indexed above
# as an array) rather than as a dotted string - confirm ver_compare accepts
# that form.
if (ver_compare(ver:ver, fix:'2.2.1.0') != -1)
  exit(0, 'The Novell Messenger Server '+version+' install on the host is not affected.');

if (report_verbosity > 0)
{
  # Verbose report: install location (drive letter recovered from the share
  # name), detected version and the first fixed version.
  install_path = (share-'$') + ":" + path;
  report =
    '\n  Path              : ' + install_path +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : 2.2.1\n';
  security_warning(port:port, extra:report);
}
else security_warning(port);
exit(0);
Vendor | Product | Version | CPE
novell | groupwise_messenger | | cpe:/a:novell:groupwise_messenger

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.388 Low

EPSS

Percentile

97.3%
