Skip to main content

Novell NetIdentity Client Agent Remote Code Execution Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 8 Apr 2009 5435 Views

RISK: Medium Risk

A vulnerability has been identified in Novell NetIdentity Client, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by an input validation error within "xtagent.exe" when handling RPC messages over the "XTIERRPCPIPE" named pipe, which could be exploited by attackers to dereference a pointer and execute arbitrary code with SYSTEM privileges.


Impact

  • Remote Code Execution

System / Technologies affected

  • Novell NetIdentity Client versions prior to 1.2.4 build 1.2.612

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier

  • No CVE information is available

Source


Related Link