Novell NetIdentity Client Agent Remote Code Execution Vulnerability
Last Update Date:
28 Jan 2011
Release Date:
8 Apr 2009
5435
Views
RISK: Medium Risk
A vulnerability has been identified in Novell NetIdentity Client, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by an input validation error within "xtagent.exe" when handling RPC messages over the "XTIERRPCPIPE" named pipe, which could be exploited by attackers to dereference a pointer and execute arbitrary code with SYSTEM privileges.
Impact
- Remote Code Execution
System / Technologies affected
- Novell NetIdentity Client versions prior to 1.2.4 build 1.2.612
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Upgrade to Novell NetIdentity Client version 1.2.4 build 1.2.612 :
http://download.novell.com/Download?buildid=6ERQGPjRZ8o~
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with