Check Point Advisories

Update Protection against Novell Client NetIdentity Agent Remote Code Execution

Check Point Reference: CPAI-2009-209
Date Published: 24 Jul 2009
Severity: Critical
Last Updated: Thursday 01 January, 2009
Source: Secunia: SA34574
Industry Reference:

CVE-2009-1350

Protection Provided by:
Who is Vulnerable? Novell NetIdentity Agent prior to 1.2.4
Vulnerability Description A remote code execution vulnerability exists in Novell Client NetIdentity Agent. The Novell NetIdentity agent works with eDirectory authentication to provide background authentication to Windows Web-based applications that require eDirectory authentication. The flaw is due to insufficient sanity check when processing crafted RPC messages. An attacker could exploit this vulnerability by sending a specially crafted RPC message to the affected service.
Vulnerability DetailsThe vulnerability is due to insufficient input validation when handling RPC messages received at the XTIERRPCPIPE named pipe. Remote attackers could exploit this vulnerability by sending a carefully crafted RPC request to the XTIERRPCPIPE named pipe of a vulnerable Novell NetIdentity agent. Successful exploitation would result in execution of arbitrary code

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK