Novell Client NetIdentity Agent XTIERRPCPIPE pointer dereference vulnerability

2009-07-24T00:00:00
ID SAINT:C15B9C3C48098B5462971817023632C8
Type saint
Reporter SAINT Corporation
Modified 2009-07-24T00:00:00

Description

Added: 07/24/2009
CVE: CVE-2009-1350
BID: 34400
OSVDB: 53351

Background

Novell Client software provides NetWare connectivity to Windows platforms.

Problem

A vulnerability in the **xtagent.exe** program allows remote, authenticated attackers to execute arbitrary commands by sending a specially crafted RPC message to the XTIERRPCPIPE named pipe which dereferences an arbitrary pointer.

Resolution

Apply the Novell NetIdentity 1.2.4 patch.

References

<http://www.zerodayinitiative.com/advisories/ZDI-09-016/>

Limitations

Exploit works on Novell NetIdentity Agent 1.2.3 and requires a valid Windows login and password.

The Crypt::DES, Digest::MD4, and Digest::MD5 packages are required for performing Windows authentication. These packages are available from <http://cpan.org/modules/by-module/>.

Platforms

Windows