10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.965 High
EPSS
Percentile
99.6%
Added: 07/24/2009
CVE: CVE-2009-1350
BID: 34400
OSVDB: 53351
Novell Client software provides NetWare connectivity to Windows platforms.
A vulnerability in the **xtagent.exe**
program allows remote, authenticated attackers to execute arbitrary commands by sending a specially crafted RPC message to the XTIERRPCPIPE named pipe which dereferences an arbitrary pointer.
Apply the Novell NetIdentity 1.2.4 patch.
<http://www.zerodayinitiative.com/advisories/ZDI-09-016/>
Exploit works on Novell NetIdentity Agent 1.2.3 and requires a valid Windows login and password.
The Crypt::DES, Digest::MD4, and Digest::MD5 packages are required for performing Windows authentication. These packages are available from <http://cpan.org/modules/by-module/>.
Windows