CVE-2009-1350

Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution Vulnerability

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer.

Vulnerabilidad inespecífica en xtagent.exe en Novell NetIdentity Client anteriores v1.2.4 permite a atacantes remotos ejecutar código arbitrario mediante el establecimiento de una conexión IPC$ al tubo XTIERRPCPIPE, y enviando mensajes RPC que inicia una desreferencia de un puntero arbitrario.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. A valid IPC$ connection must be established in order to exploit this vulnerability.
The specific flaw exists within xtagent.exe during the handling of RPC messages over the XTIERRPCPIPE named pipe. Insufficient sanity checking allows remote attackers to dereference an arbitrary pointer which can be leveraged to execute code under the context of the system user.

*Credits: Ruben Santamarta

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-04-06 CVE Published
2009-04-21 CVE Reserved
2010-11-24 First Exploit
2024-08-07 CVE Updated
2024-10-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (8)

URL	Tag	Source
http://www.securityfocus.com/archive/1/502514/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/34400	Vdb Entry
http://www.securitytracker.com/id?1021990	Vdb Entry
https://bugzilla.novell.com/show_bug.cgi?id=437511	X_refsource_misc

URL	Date	SRC
https://www.exploit-db.com/exploits/16376	2010-11-24

URL	Date	SRC
http://download.novell.com/Download?buildid=6ERQGPjRZ8o~	2018-10-10
http://www.vupen.com/english/advisories/2009/0954	2018-10-10
http://www.zerodayinitiative.com/advisories/ZDI-09-016	2018-10-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Novell Search vendor "Novell"		Netidentity Client1.2.3 Search vendor "Novell" for product "Netidentity Client1.2.3"				*		-		Affected